summaryrefslogtreecommitdiffstats
path: root/distro
diff options
context:
space:
mode:
Diffstat (limited to 'distro')
-rw-r--r--distro/Makefile.am5
-rw-r--r--distro/Makefile.in530
-rw-r--r--distro/common/cz.nic.knotd.conf9
-rw-r--r--distro/common/knot.service30
-rw-r--r--distro/common/system-local.conf5
-rw-r--r--distro/config/apkg.toml24
-rw-r--r--distro/pkg/arch/PKGBUILD66
-rw-r--r--distro/pkg/arch/knot.sysusers1
-rw-r--r--distro/pkg/arch/knot.tmpfiles.arch2
-rw-r--r--distro/pkg/deb-nolibxdp/changelog6
-rw-r--r--distro/pkg/deb-nolibxdp/clean2
-rw-r--r--distro/pkg/deb-nolibxdp/compat1
-rw-r--r--distro/pkg/deb-nolibxdp/control283
-rw-r--r--distro/pkg/deb-nolibxdp/copyright179
-rw-r--r--distro/pkg/deb-nolibxdp/cz.nic.knotd.conf9
-rw-r--r--distro/pkg/deb-nolibxdp/docs1
-rw-r--r--distro/pkg/deb-nolibxdp/knot-dnssecutils.install3
-rw-r--r--distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages3
-rw-r--r--distro/pkg/deb-nolibxdp/knot-dnsutils.install3
-rw-r--r--distro/pkg/deb-nolibxdp/knot-dnsutils.manpages3
-rw-r--r--distro/pkg/deb-nolibxdp/knot-doc.install1
-rw-r--r--distro/pkg/deb-nolibxdp/knot-doc.links5
-rw-r--r--distro/pkg/deb-nolibxdp/knot-exporter.install3
-rw-r--r--distro/pkg/deb-nolibxdp/knot-host.install1
-rw-r--r--distro/pkg/deb-nolibxdp/knot-host.manpages1
-rw-r--r--distro/pkg/deb-nolibxdp/knot-module-dnstap.install1
-rw-r--r--distro/pkg/deb-nolibxdp/knot-module-geoip.install1
-rw-r--r--distro/pkg/deb-nolibxdp/knot.dirs1
-rw-r--r--distro/pkg/deb-nolibxdp/knot.init149
-rw-r--r--distro/pkg/deb-nolibxdp/knot.install8
-rw-r--r--distro/pkg/deb-nolibxdp/knot.manpages6
-rw-r--r--distro/pkg/deb-nolibxdp/knot.postinst16
-rw-r--r--distro/pkg/deb-nolibxdp/knot.postrm21
-rw-r--r--distro/pkg/deb-nolibxdp/knot.service30
-rw-r--r--distro/pkg/deb-nolibxdp/libdnssec9.install1
-rw-r--r--distro/pkg/deb-nolibxdp/libdnssec9.symbols96
-rw-r--r--distro/pkg/deb-nolibxdp/libknot-dev.install3
-rw-r--r--distro/pkg/deb-nolibxdp/libknot14.install1
-rw-r--r--distro/pkg/deb-nolibxdp/libknot14.symbols276
-rw-r--r--distro/pkg/deb-nolibxdp/libzscanner4.install1
-rw-r--r--distro/pkg/deb-nolibxdp/libzscanner4.symbols12
-rw-r--r--distro/pkg/deb-nolibxdp/not-installed1
-rwxr-xr-xdistro/pkg/deb-nolibxdp/prepare-environment38
-rw-r--r--distro/pkg/deb-nolibxdp/python3-libknot.install2
-rwxr-xr-xdistro/pkg/deb-nolibxdp/rules101
-rw-r--r--distro/pkg/deb-nolibxdp/source/format1
-rwxr-xr-xdistro/pkg/deb-nolibxdp/tests/authoritative-server150
-rw-r--r--distro/pkg/deb-nolibxdp/tests/control13
-rwxr-xr-xdistro/pkg/deb-nolibxdp/tests/kdig14
-rw-r--r--distro/pkg/deb-nolibxdp/ufw/knot4
-rw-r--r--distro/pkg/deb-nolibxdp/watch4
-rw-r--r--distro/pkg/deb-noxdp/changelog6
-rw-r--r--distro/pkg/deb-noxdp/clean2
-rw-r--r--distro/pkg/deb-noxdp/compat1
-rw-r--r--distro/pkg/deb-noxdp/control287
-rw-r--r--distro/pkg/deb-noxdp/copyright179
-rw-r--r--distro/pkg/deb-noxdp/cz.nic.knotd.conf9
-rw-r--r--distro/pkg/deb-noxdp/docs1
-rw-r--r--distro/pkg/deb-noxdp/knot-dnssecutils.install3
-rw-r--r--distro/pkg/deb-noxdp/knot-dnssecutils.manpages3
-rw-r--r--distro/pkg/deb-noxdp/knot-dnsutils.install2
-rw-r--r--distro/pkg/deb-noxdp/knot-dnsutils.manpages2
-rw-r--r--distro/pkg/deb-noxdp/knot-doc.install1
-rw-r--r--distro/pkg/deb-noxdp/knot-doc.links5
-rw-r--r--distro/pkg/deb-noxdp/knot-exporter.install3
-rw-r--r--distro/pkg/deb-noxdp/knot-host.install1
-rw-r--r--distro/pkg/deb-noxdp/knot-host.manpages1
-rw-r--r--distro/pkg/deb-noxdp/knot-module-dnstap.install1
-rw-r--r--distro/pkg/deb-noxdp/knot-module-geoip.install1
-rw-r--r--distro/pkg/deb-noxdp/knot.dirs1
-rw-r--r--distro/pkg/deb-noxdp/knot.init149
-rw-r--r--distro/pkg/deb-noxdp/knot.install8
-rw-r--r--distro/pkg/deb-noxdp/knot.manpages6
-rw-r--r--distro/pkg/deb-noxdp/knot.postinst16
-rw-r--r--distro/pkg/deb-noxdp/knot.postrm21
-rw-r--r--distro/pkg/deb-noxdp/knot.service30
-rw-r--r--distro/pkg/deb-noxdp/libdnssec9.install1
-rw-r--r--distro/pkg/deb-noxdp/libdnssec9.symbols96
-rw-r--r--distro/pkg/deb-noxdp/libknot-dev.install3
-rw-r--r--distro/pkg/deb-noxdp/libknot14.install1
-rw-r--r--distro/pkg/deb-noxdp/libknot14.symbols225
-rw-r--r--distro/pkg/deb-noxdp/libzscanner4.install1
-rw-r--r--distro/pkg/deb-noxdp/libzscanner4.symbols12
-rw-r--r--distro/pkg/deb-noxdp/not-installed1
-rwxr-xr-xdistro/pkg/deb-noxdp/prepare-environment38
-rw-r--r--distro/pkg/deb-noxdp/python3-libknot.install2
-rwxr-xr-xdistro/pkg/deb-noxdp/rules95
-rw-r--r--distro/pkg/deb-noxdp/source/format1
-rwxr-xr-xdistro/pkg/deb-noxdp/tests/authoritative-server150
-rw-r--r--distro/pkg/deb-noxdp/tests/control13
-rwxr-xr-xdistro/pkg/deb-noxdp/tests/kdig14
-rw-r--r--distro/pkg/deb-noxdp/ufw/knot4
-rw-r--r--distro/pkg/deb-noxdp/watch4
-rw-r--r--distro/pkg/deb/changelog6
-rw-r--r--distro/pkg/deb/clean2
-rw-r--r--distro/pkg/deb/compat1
-rw-r--r--distro/pkg/deb/control284
-rw-r--r--distro/pkg/deb/copyright179
-rw-r--r--distro/pkg/deb/cz.nic.knotd.conf9
-rw-r--r--distro/pkg/deb/docs1
-rw-r--r--distro/pkg/deb/knot-dnssecutils.install3
-rw-r--r--distro/pkg/deb/knot-dnssecutils.manpages3
-rw-r--r--distro/pkg/deb/knot-dnsutils.install3
-rw-r--r--distro/pkg/deb/knot-dnsutils.manpages3
-rw-r--r--distro/pkg/deb/knot-doc.install1
-rw-r--r--distro/pkg/deb/knot-doc.links5
-rw-r--r--distro/pkg/deb/knot-exporter.install3
-rw-r--r--distro/pkg/deb/knot-host.install1
-rw-r--r--distro/pkg/deb/knot-host.manpages1
-rw-r--r--distro/pkg/deb/knot-module-dnstap.install1
-rw-r--r--distro/pkg/deb/knot-module-geoip.install1
-rw-r--r--distro/pkg/deb/knot.dirs1
-rw-r--r--distro/pkg/deb/knot.init149
-rw-r--r--distro/pkg/deb/knot.install8
-rw-r--r--distro/pkg/deb/knot.manpages6
-rw-r--r--distro/pkg/deb/knot.postinst16
-rw-r--r--distro/pkg/deb/knot.postrm21
-rw-r--r--distro/pkg/deb/knot.service30
-rw-r--r--distro/pkg/deb/libdnssec9.install1
-rw-r--r--distro/pkg/deb/libdnssec9.symbols96
-rw-r--r--distro/pkg/deb/libknot-dev.install3
-rw-r--r--distro/pkg/deb/libknot14.install1
-rw-r--r--distro/pkg/deb/libknot14.symbols276
-rw-r--r--distro/pkg/deb/libzscanner4.install1
-rw-r--r--distro/pkg/deb/libzscanner4.symbols12
-rw-r--r--distro/pkg/deb/not-installed1
-rwxr-xr-xdistro/pkg/deb/prepare-environment38
-rw-r--r--distro/pkg/deb/python3-libknot.install2
-rwxr-xr-xdistro/pkg/deb/rules101
-rw-r--r--distro/pkg/deb/source/format1
-rwxr-xr-xdistro/pkg/deb/tests/authoritative-server150
-rw-r--r--distro/pkg/deb/tests/control13
-rwxr-xr-xdistro/pkg/deb/tests/kdig14
-rw-r--r--distro/pkg/deb/ufw/knot4
-rw-r--r--distro/pkg/deb/watch4
-rw-r--r--distro/pkg/el-7/01-revert-AC_PROG_CC.patch18
-rw-r--r--distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch67
-rw-r--r--distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch25
-rw-r--r--distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch166
-rw-r--r--distro/pkg/el-7/knot.service25
-rw-r--r--distro/pkg/el-7/knot.spec333
-rw-r--r--distro/pkg/el-7/knot.tmpfiles3
-rw-r--r--distro/pkg/nix/default.nix86
-rw-r--r--distro/pkg/nix/dont-create-run-time-dirs.patch32
-rw-r--r--distro/pkg/nix/runtime-deps.patch14
-rw-r--r--distro/pkg/nix/top-level.nix8
-rw-r--r--distro/pkg/rpm/knot.spec324
-rw-r--r--distro/tests/README.md16
-rwxr-xr-xdistro/tests/authoritative-server150
-rw-r--r--distro/tests/extra/all/control10
-rwxr-xr-xdistro/tests/kdig14
151 files changed, 6274 insertions, 0 deletions
diff --git a/distro/Makefile.am b/distro/Makefile.am
new file mode 100644
index 0000000..7e55ad7
--- /dev/null
+++ b/distro/Makefile.am
@@ -0,0 +1,5 @@
+EXTRA_DIST = \
+ common \
+ config \
+ pkg \
+ tests
diff --git a/distro/Makefile.in b/distro/Makefile.in
new file mode 100644
index 0000000..c19943d
--- /dev/null
+++ b/distro/Makefile.in
@@ -0,0 +1,530 @@
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = distro
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_compile_flag.m4 \
+ $(top_srcdir)/m4/ax_check_link_flag.m4 \
+ $(top_srcdir)/m4/code-coverage.m4 \
+ $(top_srcdir)/m4/knot-lib-version.m4 \
+ $(top_srcdir)/m4/knot-module.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/sanitizer.m4 $(top_srcdir)/m4/visibility.m4 \
+ $(top_srcdir)/m4/knot-version.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CFLAG_VISIBILITY = @CFLAG_VISIBILITY@
+CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DNSTAP_CFLAGS = @DNSTAP_CFLAGS@
+DNSTAP_LIBS = @DNSTAP_LIBS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ETAGS = @ETAGS@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FILECMD = @FILECMD@
+GENHTML = @GENHTML@
+GREP = @GREP@
+HAVE_VISIBILITY = @HAVE_VISIBILITY@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+KNOT_VERSION_MAJOR = @KNOT_VERSION_MAJOR@
+KNOT_VERSION_MINOR = @KNOT_VERSION_MINOR@
+KNOT_VERSION_PATCH = @KNOT_VERSION_PATCH@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LDFLAG_EXCLUDE_LIBS = @LDFLAG_EXCLUDE_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_NO_UNDEFINED = @LT_NO_UNDEFINED@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PDFLATEX = @PDFLATEX@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PROTOC_C = @PROTOC_C@
+RANLIB = @RANLIB@
+RELEASE_DATE = @RELEASE_DATE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SPHINXBUILD = @SPHINXBUILD@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+cap_ng_CFLAGS = @cap_ng_CFLAGS@
+cap_ng_LIBS = @cap_ng_LIBS@
+conf_mapsize = @conf_mapsize@
+config_dir = @config_dir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dlopen_LIBS = @dlopen_LIBS@
+docdir = @docdir@
+dvidir = @dvidir@
+embedded_libngtcp2_CFLAGS = @embedded_libngtcp2_CFLAGS@
+embedded_libngtcp2_LIBS = @embedded_libngtcp2_LIBS@
+exec_prefix = @exec_prefix@
+fuzzer_CFLAGS = @fuzzer_CFLAGS@
+fuzzer_LDFLAGS = @fuzzer_LDFLAGS@
+gnutls_CFLAGS = @gnutls_CFLAGS@
+gnutls_LIBS = @gnutls_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libbpf_CFLAGS = @libbpf_CFLAGS@
+libbpf_LIBS = @libbpf_LIBS@
+libdir = @libdir@
+libdnssec_SONAME = @libdnssec_SONAME@
+libdnssec_SOVERSION = @libdnssec_SOVERSION@
+libdnssec_VERSION_INFO = @libdnssec_VERSION_INFO@
+libedit_CFLAGS = @libedit_CFLAGS@
+libedit_LIBS = @libedit_LIBS@
+libexecdir = @libexecdir@
+libfstrm_CFLAGS = @libfstrm_CFLAGS@
+libfstrm_LIBS = @libfstrm_LIBS@
+libidn2_CFLAGS = @libidn2_CFLAGS@
+libidn2_LIBS = @libidn2_LIBS@
+libidn_CFLAGS = @libidn_CFLAGS@
+libidn_LIBS = @libidn_LIBS@
+libknot_SONAME = @libknot_SONAME@
+libknot_SOVERSION = @libknot_SOVERSION@
+libknot_VERSION_INFO = @libknot_VERSION_INFO@
+libkqueue_CFLAGS = @libkqueue_CFLAGS@
+libkqueue_LIBS = @libkqueue_LIBS@
+libmaxminddb_CFLAGS = @libmaxminddb_CFLAGS@
+libmaxminddb_LIBS = @libmaxminddb_LIBS@
+libmnl_CFLAGS = @libmnl_CFLAGS@
+libmnl_LIBS = @libmnl_LIBS@
+libnghttp2_CFLAGS = @libnghttp2_CFLAGS@
+libnghttp2_LIBS = @libnghttp2_LIBS@
+libngtcp2_CFLAGS = @libngtcp2_CFLAGS@
+libngtcp2_LIBS = @libngtcp2_LIBS@
+libprotobuf_c_CFLAGS = @libprotobuf_c_CFLAGS@
+libprotobuf_c_LIBS = @libprotobuf_c_LIBS@
+liburcu_CFLAGS = @liburcu_CFLAGS@
+liburcu_LIBS = @liburcu_LIBS@
+liburcu_PKGCONFIG = @liburcu_PKGCONFIG@
+libxdp_CFLAGS = @libxdp_CFLAGS@
+libxdp_LIBS = @libxdp_LIBS@
+libzscanner_SONAME = @libzscanner_SONAME@
+libzscanner_SOVERSION = @libzscanner_SOVERSION@
+libzscanner_VERSION_INFO = @libzscanner_VERSION_INFO@
+lmdb_CFLAGS = @lmdb_CFLAGS@
+lmdb_LIBS = @lmdb_LIBS@
+localedir = @localedir@
+localstatedir = @localstatedir@
+malloc_LIBS = @malloc_LIBS@
+mandir = @mandir@
+math_LIBS = @math_LIBS@
+mkdir_p = @mkdir_p@
+module_dir = @module_dir@
+module_instdir = @module_instdir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pkgconfigdir = @pkgconfigdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pthread_LIBS = @pthread_LIBS@
+run_dir = @run_dir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+storage_dir = @storage_dir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = \
+ common \
+ config \
+ pkg \
+ tests
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign distro/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign distro/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ cscopelist-am ctags-am distclean distclean-generic \
+ distclean-libtool distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/distro/common/cz.nic.knotd.conf b/distro/common/cz.nic.knotd.conf
new file mode 100644
index 0000000..50af87a
--- /dev/null
+++ b/distro/common/cz.nic.knotd.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/common/knot.service b/distro/common/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/common/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/common/system-local.conf b/distro/common/system-local.conf
new file mode 100644
index 0000000..8df0a2f
--- /dev/null
+++ b/distro/common/system-local.conf
@@ -0,0 +1,5 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <listen>unix:path=/rundir/dbus.sock</listen>
+</busconfig>
diff --git a/distro/config/apkg.toml b/distro/config/apkg.toml
new file mode 100644
index 0000000..0b9f0eb
--- /dev/null
+++ b/distro/config/apkg.toml
@@ -0,0 +1,24 @@
+[project]
+name = "knot-dns"
+# needed for make-archive
+make_archive_script = "scripts/make-dev-archive.sh"
+
+[upstream]
+# needed for get-archive
+archive_url = "https://secure.nic.cz/files/knot-dns/knot-{{ version }}.tar.xz"
+signature_url = "https://secure.nic.cz/files/knot-dns/knot-{{ version }}.tar.xz.asc"
+
+[apkg]
+compat = 3
+
+[[distro.aliases]]
+name = "el-7"
+distro = ["centos == 7", "rhel == 7"]
+
+[[distro.aliases]]
+name = "deb-nolibxdp"
+distro = ["debian == 11", "ubuntu == 20.04", "ubuntu == 22.04"]
+
+[[distro.aliases]]
+name = "deb-noxdp"
+distro = ["debian == 10", "ubuntu == 18.04"]
diff --git a/distro/pkg/arch/PKGBUILD b/distro/pkg/arch/PKGBUILD
new file mode 100644
index 0000000..16f1259
--- /dev/null
+++ b/distro/pkg/arch/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Tomas Krizek <tomas.krizek@nic.cz>
+# Maintainer: Bruno Pagani <archange@archlinux.org>
+# Contributor: Ondřej Surý <ondrej@sury.org>
+# Contributor: Julian Brost <julian@0x4a42.net>
+# Contributor: Oleander Reis <oleander@oleander.cc>
+# Contributor: Otto Sabart <seberm[at]gmail[dot]com>
+
+pkgname=knot
+pkgver={{ version }}
+pkgrel=1
+pkgdesc="High-performance authoritative-only DNS server"
+arch=('x86_64')
+url="https://www.knot-dns.cz/"
+license=('GPL3')
+depends=('fstrm'
+ 'gnutls'
+ 'libcap-ng'
+ 'libedit'
+ 'libidn2'
+ 'libmaxminddb'
+ 'liburcu'
+ 'lmdb'
+ 'protobuf-c'
+ 'systemd')
+backup=('etc/knot/knot.conf')
+source=("${pkgname}-${pkgver}.tar.xz")
+sha256sums=('SKIP')
+validpgpkeys=('742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB') # Daniel Salzman <daniel.salzman@nic.cz>
+
+build() {
+ cd ${pkgname}-${pkgver}
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-storage=/var/lib/knot \
+ --enable-recvmmsg \
+ --enable-dnstap \
+ --enable-systemd \
+ --enable-reuseport \
+ --disable-silent-rules \
+ --disable-static
+
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+
+ make DESTDIR="${pkgdir}" install
+
+ rm "${pkgdir}"/etc/knot/example.com.zone
+ mv "${pkgdir}"/etc/knot/{knot.sample.conf,knot.conf}
+
+ install -Dm644 distro/common/${pkgname}.service -t "${pkgdir}"/usr/lib/systemd/system/
+ install -Dm644 distro/pkg/arch/${pkgname}.sysusers "${pkgdir}"/usr/lib/sysusers.d/${pkgname}.conf
+}
diff --git a/distro/pkg/arch/knot.sysusers b/distro/pkg/arch/knot.sysusers
new file mode 100644
index 0000000..735db76
--- /dev/null
+++ b/distro/pkg/arch/knot.sysusers
@@ -0,0 +1 @@
+u knot - "Knot DNS Daemon User"
diff --git a/distro/pkg/arch/knot.tmpfiles.arch b/distro/pkg/arch/knot.tmpfiles.arch
new file mode 100644
index 0000000..b20df6a
--- /dev/null
+++ b/distro/pkg/arch/knot.tmpfiles.arch
@@ -0,0 +1,2 @@
+d /run/knot 0755 knot knot - -
+d /var/lib/knot 0700 knot knot - -
diff --git a/distro/pkg/deb-nolibxdp/changelog b/distro/pkg/deb-nolibxdp/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb-nolibxdp/clean b/distro/pkg/deb-nolibxdp/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb-nolibxdp/compat b/distro/pkg/deb-nolibxdp/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb-nolibxdp/control b/distro/pkg/deb-nolibxdp/control
new file mode 100644
index 0000000..7db1fb2
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/control
@@ -0,0 +1,283 @@
+Source: knot
+Section: net
+Priority: optional
+Maintainer: Knot DNS <knot-dns@labs.nic.cz>
+Uploaders:
+ Jakub Ružička <jakub.ruzicka@nic.cz>,
+ Daniel Salzman <daniel.salzman@nic.cz>,
+Build-Depends-Indep:
+ python3-setuptools,
+ python3-sphinx,
+Build-Depends:
+ autoconf,
+ automake,
+ debhelper (>= 11),
+ dh-python,
+ libbpf-dev,
+ libcap-ng-dev,
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libidn2-dev,
+ liblmdb-dev,
+ libmaxminddb-dev,
+ libmnl-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsofthsm2 <!nocheck>,
+ libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any],
+ libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any],
+ libtool,
+ liburcu-dev,
+ pkg-config,
+ protobuf-c-compiler,
+ python3-all,
+Standards-Version: 4.5.0
+Homepage: https://www.knot-dns.cz/
+Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns
+Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git
+Rules-Requires-Root: no
+
+Package: knot
+Architecture: any
+Depends:
+ adduser,
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Pre-Depends:
+ ${misc:Pre-Depends},
+Suggests:
+ systemd,
+Description: Authoritative domain name server
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+
+Package: libknot14
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a DNS shared library used by Knot DNS and
+ Knot Resolver.
+
+Package: libzscanner4
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS zone-parsing shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a fast zone parser shared library used by Knot
+ DNS and Knot Resolver.
+
+Package: libdnssec9
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNSSEC shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides common DNSSEC shared library used by Knot DNS
+ and Knot Resolver.
+
+Package: libknot-dev
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libgnutls28-dev,
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libdevel
+Description: Knot DNS shared library development files
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides development files for shared libraries from Knot DNS.
+
+Package: knot-dnsutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNS clients provided with Knot DNS (kdig, knsupdate)
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNS client programs from Knot DNS.
+ .
+ - kdig - query a DNS server in various ways
+ - knsupdate - perform dynamic updates (See RFC2136)
+ - kxdpgun - send a DNS query stream over UDP to a DNS server
+ .
+ Those clients were designed to be almost 1:1 compatible with BIND dnsutils,
+ but they provide some enhancements, which are documented.
+ .
+ WARNING: knslookup is not provided as it is considered obsolete.
+
+Package: knot-dnssecutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNSSEC tools provided with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNSSEC tools from Knot DNS.
+ .
+ - kzonecheck
+ - kzonesign
+ - knsec3hash
+
+Package: knot-host
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Version of 'host' bundled with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides the 'host' program from Knot DNS. This program is
+ designed to be almost 1:1 compatible with BIND 9.x 'host' program.
+
+Package: knot-module-dnstap
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains dnstap module for logging DNS traffic.
+
+Package: knot-module-geoip
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: geoip module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains geoip module for geography-based responses.
+
+Package: knot-doc
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ libjs-jquery,
+ libjs-sphinxdoc,
+ libjs-underscore,
+ ${misc:Depends},
+Section: doc
+Description: Documentation for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides various documents that are useful for
+ maintaining a working Knot DNS installation.
+
+Package: knot-exporter
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Prometheus exporter for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python Prometheus exporter for Knot DNS.
+
+Package: python3-libknot
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Python bindings for libknot
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python bindings for the libknot shared library.
diff --git a/distro/pkg/deb-nolibxdp/copyright b/distro/pkg/deb-nolibxdp/copyright
new file mode 100644
index 0000000..20c8b97
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/copyright
@@ -0,0 +1,179 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Knot DNS
+Upstream-Contact: knot-dns@labs.nic.cz
+Source: https://secure.nic.cz/files/knot-dns/
+
+Files: *
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: m4/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1996-2001, 2003-2015 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: install-sh
+Copyright: 1994 X Consortium
+License: MIT
+
+Files: debian/* distro/pkg/deb/*
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2011 Ondřej Surý <ondrej@debian.org>
+License: GPL-3+
+
+Files: tests/tap/*
+Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu>
+ 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University
+License: MIT
+
+Files: tests/tap/files.*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/dnstap/*
+Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com>
+ 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/libngtcp2/*
+Copyright: 2016-2023 ngtcp2 contributors
+ 2012-2017 nghttp2 contributors
+License: MIT
+
+Files: src/contrib/musl/*
+Copyright: 2005-2020 Rich Felker, et al.
+License: MIT
+
+Files: src/contrib/openbsd/siphash.*
+Copyright: 2013 Andre Oppermann <andre@FreeBSD.org>
+License: BSD-3-Clause
+
+Files: src/contrib/openbsd/strl*
+Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+License: 0BSD
+
+Files: src/contrib/proxyv2/*
+Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2021 Fastly, Inc.
+License: GPL-3+
+
+Files: src/contrib/qp-trie/*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2018 Tony Finch <dot@dotat.at>
+License: GPL-3+
+
+Files: src/contrib/ucw/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1997-2017 Martin Mares <mj@ucw.cz>
+ 2007 Pavel Charvat <pchar@ucw.cz>
+ 2012 Ondrej Filip <feela@network.cz>
+License: LGPL-2.0
+
+Files: src/contrib/ucw/heap.h
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/url-parser/*
+Copyright: 2020 Igor Sysoev
+ 2020 Nginx, Inc.
+ 2020 Joyent, Inc.
+License: MIT
+
+Files: src/contrib/vpool/*
+Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org>
+License: 0BSD
+
+Files: tests-fuzz/main.c
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2017 Tim Ruehsen
+License: MIT
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: LGPL-2.0
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+ .
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+
+License: 0BSD
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ 1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
diff --git a/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf b/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf
new file mode 100644
index 0000000..50af87a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/cz.nic.knotd.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb-nolibxdp/docs b/distro/pkg/deb-nolibxdp/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb-nolibxdp/knot-dnssecutils.install b/distro/pkg/deb-nolibxdp/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages b/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb-nolibxdp/knot-dnsutils.install b/distro/pkg/deb-nolibxdp/knot-dnsutils.install
new file mode 100644
index 0000000..e2f2a8a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnsutils.install
@@ -0,0 +1,3 @@
+usr/bin/kdig
+usr/bin/knsupdate
+usr/sbin/kxdpgun
diff --git a/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages b/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages
new file mode 100644
index 0000000..67254d9
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-dnsutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
+usr/share/man/man8/kxdpgun.8
diff --git a/distro/pkg/deb-nolibxdp/knot-doc.install b/distro/pkg/deb-nolibxdp/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb-nolibxdp/knot-doc.links b/distro/pkg/deb-nolibxdp/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb-nolibxdp/knot-exporter.install b/distro/pkg/deb-nolibxdp/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb-nolibxdp/knot-host.install b/distro/pkg/deb-nolibxdp/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb-nolibxdp/knot-host.manpages b/distro/pkg/deb-nolibxdp/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb-nolibxdp/knot-module-dnstap.install b/distro/pkg/deb-nolibxdp/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb-nolibxdp/knot-module-geoip.install b/distro/pkg/deb-nolibxdp/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb-nolibxdp/knot.dirs b/distro/pkg/deb-nolibxdp/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb-nolibxdp/knot.init b/distro/pkg/deb-nolibxdp/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.init
@@ -0,0 +1,149 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+RUNDIR=/run/knot
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS=""
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_mkrundir() {
+ mkdir -p $RUNDIR
+ chmod 0755 $RUNDIR
+ chown knot:knot $RUNDIR
+}
+
+case "$1" in
+ start)
+ do_mkrundir
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/pkg/deb-nolibxdp/knot.install b/distro/pkg/deb-nolibxdp/knot.install
new file mode 100644
index 0000000..5c716fc
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.install
@@ -0,0 +1,8 @@
+debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
diff --git a/distro/pkg/deb-nolibxdp/knot.manpages b/distro/pkg/deb-nolibxdp/knot.manpages
new file mode 100644
index 0000000..5d23e9f
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.manpages
@@ -0,0 +1,6 @@
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
diff --git a/distro/pkg/deb-nolibxdp/knot.postinst b/distro/pkg/deb-nolibxdp/knot.postinst
new file mode 100644
index 0000000..da747c8
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-nolibxdp/knot.postrm b/distro/pkg/deb-nolibxdp/knot.postrm
new file mode 100644
index 0000000..14b3d69
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ state_dir=/var/lib/knot
+ for db_name in "catalog" "confdb" "journal" "keys" "timers"; do
+ rm -rf $state_dir/$db_name >/dev/null 2>&1 || true
+ done
+ rmdir $state_dir >/dev/null 2>&1 || true
+ [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check."
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true
+
+ deluser --quiet knot >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-nolibxdp/knot.service b/distro/pkg/deb-nolibxdp/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/deb-nolibxdp/libdnssec9.install b/distro/pkg/deb-nolibxdp/libdnssec9.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libdnssec9.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/pkg/deb-nolibxdp/libdnssec9.symbols b/distro/pkg/deb-nolibxdp/libdnssec9.symbols
new file mode 100644
index 0000000..c3ab2ed
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libdnssec9.symbols
@@ -0,0 +1,96 @@
+libdnssec.so.9 libdnssec9 #MINVER#
+* Build-Depends-Package: libknot-dev
+ dnssec_algorithm_digest_support@Base 3.2.0
+ dnssec_algorithm_key_size_check@Base 3.2.0
+ dnssec_algorithm_key_size_default@Base 3.2.0
+ dnssec_algorithm_key_size_range@Base 3.2.0
+ dnssec_algorithm_key_support@Base 3.2.0
+ dnssec_algorithm_reproducible@Base 3.2.0
+ dnssec_binary_alloc@Base 3.2.0
+ dnssec_binary_cmp@Base 3.2.0
+ dnssec_binary_dup@Base 3.2.0
+ dnssec_binary_free@Base 3.2.0
+ dnssec_binary_from_base64@Base 3.2.0
+ dnssec_binary_resize@Base 3.2.0
+ dnssec_binary_to_base64@Base 3.2.0
+ dnssec_crypto_cleanup@Base 3.2.0
+ dnssec_crypto_init@Base 3.2.0
+ dnssec_crypto_reinit@Base 3.2.0
+ dnssec_digest@Base 3.2.0
+ dnssec_digest_finish@Base 3.2.0
+ dnssec_digest_init@Base 3.2.0
+ dnssec_key_can_sign@Base 3.2.0
+ dnssec_key_can_verify@Base 3.2.0
+ dnssec_key_clear@Base 3.2.0
+ dnssec_key_create_ds@Base 3.2.0
+ dnssec_key_dup@Base 3.2.0
+ dnssec_key_free@Base 3.2.0
+ dnssec_key_get_algorithm@Base 3.2.0
+ dnssec_key_get_dname@Base 3.2.0
+ dnssec_key_get_flags@Base 3.2.0
+ dnssec_key_get_keyid@Base 3.2.0
+ dnssec_key_get_keytag@Base 3.2.0
+ dnssec_key_get_protocol@Base 3.2.0
+ dnssec_key_get_pubkey@Base 3.2.0
+ dnssec_key_get_rdata@Base 3.2.0
+ dnssec_key_get_size@Base 3.2.0
+ dnssec_key_load_pkcs8@Base 3.2.0
+ dnssec_key_new@Base 3.2.0
+ dnssec_key_set_algorithm@Base 3.2.0
+ dnssec_key_set_dname@Base 3.2.0
+ dnssec_key_set_flags@Base 3.2.0
+ dnssec_key_set_protocol@Base 3.2.0
+ dnssec_key_set_pubkey@Base 3.2.0
+ dnssec_key_set_rdata@Base 3.2.0
+ dnssec_keyid_copy@Base 3.2.0
+ dnssec_keyid_equal@Base 3.2.0
+ dnssec_keyid_is_valid@Base 3.2.0
+ dnssec_keyid_normalize@Base 3.2.0
+ dnssec_keystore_close@Base 3.2.0
+ dnssec_keystore_deinit@Base 3.2.0
+ dnssec_keystore_generate@Base 3.2.0
+ dnssec_keystore_get_private@Base 3.2.0
+ dnssec_keystore_import@Base 3.2.0
+ dnssec_keystore_init@Base 3.2.0
+ dnssec_keystore_init_pkcs11@Base 3.2.0
+ dnssec_keystore_init_pkcs8@Base 3.2.0
+ dnssec_keystore_open@Base 3.2.0
+ dnssec_keystore_remove@Base 3.2.0
+ dnssec_keystore_set_private@Base 3.2.0
+ dnssec_keytag@Base 3.2.0
+ dnssec_nsec3_hash@Base 3.2.0
+ dnssec_nsec3_hash_length@Base 3.2.0
+ dnssec_nsec3_params_free@Base 3.2.0
+ dnssec_nsec3_params_from_rdata@Base 3.2.0
+ dnssec_nsec3_params_match@Base 3.2.0
+ dnssec_nsec_bitmap_add@Base 3.2.0
+ dnssec_nsec_bitmap_clear@Base 3.2.0
+ dnssec_nsec_bitmap_contains@Base 3.2.0
+ dnssec_nsec_bitmap_free@Base 3.2.0
+ dnssec_nsec_bitmap_new@Base 3.2.0
+ dnssec_nsec_bitmap_size@Base 3.2.0
+ dnssec_nsec_bitmap_write@Base 3.2.0
+ dnssec_pem_from_privkey@Base 3.2.0
+ dnssec_pem_from_x509@Base 3.2.0
+ dnssec_pem_to_privkey@Base 3.2.0
+ dnssec_pem_to_x509@Base 3.2.0
+ dnssec_random_binary@Base 3.2.0
+ dnssec_random_buffer@Base 3.2.0
+ dnssec_sign_add@Base 3.2.0
+ dnssec_sign_free@Base 3.2.0
+ dnssec_sign_init@Base 3.2.0
+ dnssec_sign_new@Base 3.2.0
+ dnssec_sign_verify@Base 3.2.0
+ dnssec_sign_write@Base 3.2.0
+ dnssec_strerror@Base 3.2.0
+ dnssec_tsig_add@Base 3.2.0
+ dnssec_tsig_algorithm_from_dname@Base 3.2.0
+ dnssec_tsig_algorithm_from_name@Base 3.2.0
+ dnssec_tsig_algorithm_size@Base 3.2.0
+ dnssec_tsig_algorithm_to_dname@Base 3.2.0
+ dnssec_tsig_algorithm_to_name@Base 3.2.0
+ dnssec_tsig_free@Base 3.2.0
+ dnssec_tsig_new@Base 3.2.0
+ dnssec_tsig_optimal_key_size@Base 3.2.0
+ dnssec_tsig_size@Base 3.2.0
+ dnssec_tsig_write@Base 3.2.0
diff --git a/distro/pkg/deb-nolibxdp/libknot-dev.install b/distro/pkg/deb-nolibxdp/libknot-dev.install
new file mode 100644
index 0000000..cb60d88
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libknot-dev.install
@@ -0,0 +1,3 @@
+usr/include/
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*
diff --git a/distro/pkg/deb-nolibxdp/libknot14.install b/distro/pkg/deb-nolibxdp/libknot14.install
new file mode 100644
index 0000000..f9b9f93
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libknot14.install
@@ -0,0 +1 @@
+usr/lib/*/libknot.so.*
diff --git a/distro/pkg/deb-nolibxdp/libknot14.symbols b/distro/pkg/deb-nolibxdp/libknot14.symbols
new file mode 100644
index 0000000..b6e7caf
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libknot14.symbols
@@ -0,0 +1,276 @@
+libknot.so.14 libknot14 #MINVER#
+* Build-Depends-Package: libknot-dev
+ KNOT_DB_LMDB_DUPSORT@Base 3.3.0
+ KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0
+ KNOT_DB_LMDB_MAPASYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOSYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOTLS@Base 3.3.0
+ KNOT_DB_LMDB_RDONLY@Base 3.3.0
+ KNOT_DB_LMDB_WRITEMAP@Base 3.3.0
+ KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0
+ knot_ctl_accept@Base 3.3.0
+ knot_ctl_alloc@Base 3.3.0
+ knot_ctl_bind@Base 3.3.0
+ knot_ctl_close@Base 3.3.0
+ knot_ctl_connect@Base 3.3.0
+ knot_ctl_free@Base 3.3.0
+ knot_ctl_receive@Base 3.3.0
+ knot_ctl_send@Base 3.3.0
+ knot_ctl_set_timeout@Base 3.3.0
+ knot_ctl_unbind@Base 3.3.0
+ knot_db_lmdb_api@Base 3.3.0
+ knot_db_lmdb_del_exact@Base 3.3.0
+ knot_db_lmdb_get_mapsize@Base 3.3.0
+ knot_db_lmdb_get_path@Base 3.3.0
+ knot_db_lmdb_get_usage@Base 3.3.0
+ knot_db_lmdb_iter_del@Base 3.3.0
+ knot_db_lmdb_txn_begin@Base 3.3.0
+ knot_db_trie_api@Base 3.3.0
+ knot_dname_cmp@Base 3.3.0
+ knot_dname_copy@Base 3.3.0
+ knot_dname_copy_lower@Base 3.3.0
+ knot_dname_free@Base 3.3.0
+ knot_dname_from_str@Base 3.3.0
+ knot_dname_in_bailiwick@Base 3.3.0
+ knot_dname_is_case_equal@Base 3.3.0
+ knot_dname_is_equal@Base 3.3.0
+ knot_dname_labels@Base 3.3.0
+ knot_dname_lf@Base 3.3.0
+ knot_dname_matched_labels@Base 3.3.0
+ knot_dname_prefixlen@Base 3.3.0
+ knot_dname_realsize@Base 3.3.0
+ knot_dname_replace_suffix@Base 3.3.0
+ knot_dname_size@Base 3.3.0
+ knot_dname_store@Base 3.3.0
+ knot_dname_to_lower@Base 3.3.0
+ knot_dname_to_str@Base 3.3.0
+ knot_dname_to_wire@Base 3.3.0
+ knot_dname_unpack@Base 3.3.0
+ knot_dname_wire_check@Base 3.3.0
+ knot_dnssec_alg_names@Base 3.3.0
+ knot_edns_add_option@Base 3.3.0
+ knot_edns_alignment_size@Base 3.3.0
+ knot_edns_chain_parse@Base 3.3.0
+ knot_edns_chain_size@Base 3.3.0
+ knot_edns_chain_write@Base 3.3.0
+ knot_edns_client_subnet_get_addr@Base 3.3.0
+ knot_edns_client_subnet_parse@Base 3.3.0
+ knot_edns_client_subnet_set_addr@Base 3.3.0
+ knot_edns_client_subnet_size@Base 3.3.0
+ knot_edns_client_subnet_write@Base 3.3.0
+ knot_edns_cookie_client_check@Base 3.3.0
+ knot_edns_cookie_client_generate@Base 3.3.0
+ knot_edns_cookie_parse@Base 3.3.0
+ knot_edns_cookie_server_check@Base 3.3.0
+ knot_edns_cookie_server_generate@Base 3.3.0
+ knot_edns_cookie_size@Base 3.3.0
+ knot_edns_cookie_write@Base 3.3.0
+ knot_edns_ede_names@Base 3.3.0
+ knot_edns_get_ext_rcode@Base 3.3.0
+ knot_edns_get_option@Base 3.3.0
+ knot_edns_get_options@Base 3.3.0
+ knot_edns_get_version@Base 3.3.0
+ knot_edns_init@Base 3.3.0
+ knot_edns_keepalive_parse@Base 3.3.0
+ knot_edns_keepalive_size@Base 3.3.0
+ knot_edns_keepalive_write@Base 3.3.0
+ knot_edns_opt_names@Base 3.3.0
+ knot_edns_reserve_option@Base 3.3.0
+ knot_edns_set_ext_rcode@Base 3.3.0
+ knot_edns_set_version@Base 3.3.0
+ knot_error_from_libdnssec@Base 3.3.0
+ knot_eth_mtu@Base 3.3.0
+ knot_eth_name_from_addr@Base 3.3.0
+ knot_eth_queues@Base 3.3.0
+ knot_eth_rss@Base 3.3.0
+ knot_eth_vlans@Base 3.3.0
+ knot_eth_xdp_mode@Base 3.3.0
+ knot_get_obsolete_rdata_descriptor@Base 3.3.0
+ knot_get_rdata_descriptor@Base 3.3.0
+ knot_naptr_header_size@Base 3.3.0
+ knot_opcode_names@Base 3.3.0
+ knot_opt_code_to_string@Base 3.3.0
+ knot_pkt_begin@Base 3.3.0
+ knot_pkt_clear@Base 3.3.0
+ knot_pkt_copy@Base 3.3.0
+ knot_pkt_ext_rcode@Base 3.3.0
+ knot_pkt_ext_rcode_name@Base 3.3.0
+ knot_pkt_free@Base 3.3.0
+ knot_pkt_init_response@Base 3.3.0
+ knot_pkt_new@Base 3.3.0
+ knot_pkt_parse@Base 3.3.0
+ knot_pkt_parse_question@Base 3.3.0
+ knot_pkt_put_question@Base 3.3.0
+ knot_pkt_put_rotate@Base 3.3.0
+ knot_pkt_reclaim@Base 3.3.0
+ knot_pkt_reserve@Base 3.3.0
+ knot_probe_alloc@Base 3.3.0
+ knot_probe_consume@Base 3.3.0
+ knot_probe_data_set@Base 3.3.0
+ knot_probe_fd@Base 3.3.0
+ knot_probe_free@Base 3.3.0
+ knot_probe_produce@Base 3.3.0
+ knot_probe_set_consumer@Base 3.3.0
+ knot_probe_set_producer@Base 3.3.0
+ knot_probe_tcp_rtt@Base 3.3.0
+ knot_quic_cleanup@Base 3.3.0
+ knot_quic_client@Base 3.3.0
+ knot_quic_conn_get_stream@Base 3.3.0
+ knot_quic_conn_local_port@Base 3.3.0
+ knot_quic_conn_new_stream@Base 3.3.0
+ knot_quic_conn_next_timeout@Base 3.3.3
+ knot_quic_conn_pin@Base 3.3.0
+ knot_quic_conn_rtt@Base 3.3.0
+ knot_quic_conn_stream_free@Base 3.3.0
+ knot_quic_creds_cert@Base 3.3.0
+ knot_quic_free_creds@Base 3.3.0
+ knot_quic_handle@Base 3.3.0
+ knot_quic_hanle_expiry@Base 3.3.3
+ knot_quic_init_creds@Base 3.3.0
+ knot_quic_init_creds_peer@Base 3.3.0
+ knot_quic_send@Base 3.3.0
+ knot_quic_session_available@Base 3.3.0
+ knot_quic_session_load@Base 3.3.0
+ knot_quic_session_save@Base 3.3.0
+ knot_quic_stream_add_data@Base 3.3.0
+ knot_quic_stream_get_process@Base 3.3.0
+ knot_quic_table_free@Base 3.3.0
+ knot_quic_table_new@Base 3.3.0
+ knot_quic_table_rem@Base 3.3.0
+ knot_quic_table_sweep@Base 3.3.0
+ knot_rcode_names@Base 3.3.0
+ knot_rdataset_add@Base 3.3.0
+ knot_rdataset_at@Base 3.3.0
+ knot_rdataset_clear@Base 3.3.0
+ knot_rdataset_copy@Base 3.3.0
+ knot_rdataset_eq@Base 3.3.0
+ knot_rdataset_intersect@Base 3.3.0
+ knot_rdataset_intersect2@Base 3.3.0
+ knot_rdataset_member@Base 3.3.0
+ knot_rdataset_merge@Base 3.3.0
+ knot_rdataset_subset@Base 3.3.0
+ knot_rdataset_subtract@Base 3.3.0
+ knot_rrclass_from_string@Base 3.3.0
+ knot_rrclass_to_string@Base 3.3.0
+ knot_rrset_add_rdata@Base 3.3.0
+ knot_rrset_clear@Base 3.3.0
+ knot_rrset_copy@Base 3.3.0
+ knot_rrset_equal@Base 3.3.0
+ knot_rrset_free@Base 3.3.0
+ knot_rrset_is_nsec3rel@Base 3.3.0
+ knot_rrset_new@Base 3.3.0
+ knot_rrset_rr_from_wire@Base 3.3.0
+ knot_rrset_rr_to_canonical@Base 3.3.0
+ knot_rrset_size@Base 3.3.0
+ knot_rrset_to_wire_extra@Base 3.3.0
+ knot_rrset_txt_dump@Base 3.3.0
+ knot_rrset_txt_dump_data@Base 3.3.0
+ knot_rrset_txt_dump_edns@Base 3.3.0
+ knot_rrset_txt_dump_header@Base 3.3.0
+ knot_rrtype_additional_needed@Base 3.3.0
+ knot_rrtype_from_string@Base 3.3.0
+ knot_rrtype_is_dnssec@Base 3.3.0
+ knot_rrtype_is_metatype@Base 3.3.0
+ knot_rrtype_should_be_lowercased@Base 3.3.0
+ knot_rrtype_to_string@Base 3.3.0
+ knot_strerror@Base 3.3.0
+ knot_svcb_param_names@Base 3.3.0
+ knot_tcp_cleanup@Base 3.3.0
+ knot_tcp_inbufs_upd@Base 3.3.0
+ knot_tcp_outbufs_ack@Base 3.3.0
+ knot_tcp_outbufs_add@Base 3.3.0
+ knot_tcp_outbufs_can_send@Base 3.3.0
+ knot_tcp_outbufs_usage@Base 3.3.0
+ knot_tcp_recv@Base 3.3.0
+ knot_tcp_reply_data@Base 3.3.0
+ knot_tcp_send@Base 3.3.0
+ knot_tcp_sweep@Base 3.3.0
+ knot_tcp_table_free@Base 3.3.0
+ knot_tcp_table_new@Base 3.3.0
+ knot_tsig_add@Base 3.3.0
+ knot_tsig_append@Base 3.3.0
+ knot_tsig_client_check@Base 3.3.0
+ knot_tsig_client_check_next@Base 3.3.0
+ knot_tsig_create_rdata@Base 3.3.0
+ knot_tsig_key_copy@Base 3.3.0
+ knot_tsig_key_deinit@Base 3.3.0
+ knot_tsig_key_init@Base 3.3.0
+ knot_tsig_key_init_file@Base 3.3.0
+ knot_tsig_key_init_str@Base 3.3.0
+ knot_tsig_rcode_names@Base 3.3.0
+ knot_tsig_rdata_alg@Base 3.3.0
+ knot_tsig_rdata_alg_name@Base 3.3.0
+ knot_tsig_rdata_error@Base 3.3.0
+ knot_tsig_rdata_fudge@Base 3.3.0
+ knot_tsig_rdata_is_ok@Base 3.3.0
+ knot_tsig_rdata_mac@Base 3.3.0
+ knot_tsig_rdata_mac_length@Base 3.3.0
+ knot_tsig_rdata_orig_id@Base 3.3.0
+ knot_tsig_rdata_other_data@Base 3.3.0
+ knot_tsig_rdata_other_data_length@Base 3.3.0
+ knot_tsig_rdata_set_fudge@Base 3.3.0
+ knot_tsig_rdata_set_mac@Base 3.3.0
+ knot_tsig_rdata_set_orig_id@Base 3.3.0
+ knot_tsig_rdata_set_other_data@Base 3.3.0
+ knot_tsig_rdata_set_time_signed@Base 3.3.0
+ knot_tsig_rdata_time_signed@Base 3.3.0
+ knot_tsig_rdata_tsig_timers_length@Base 3.3.0
+ knot_tsig_rdata_tsig_variables_length@Base 3.3.0
+ knot_tsig_server_check@Base 3.3.0
+ knot_tsig_sign@Base 3.3.0
+ knot_tsig_sign_next@Base 3.3.0
+ knot_tsig_wire_maxsize@Base 3.3.0
+ knot_tsig_wire_size@Base 3.3.0
+ knot_xdp_deinit@Base 3.3.0
+ knot_xdp_init@Base 3.3.0
+ knot_xdp_recv@Base 3.3.0
+ knot_xdp_recv_finish@Base 3.3.0
+ knot_xdp_reply_alloc@Base 3.3.0
+ knot_xdp_send@Base 3.3.0
+ knot_xdp_send_alloc@Base 3.3.0
+ knot_xdp_send_finish@Base 3.3.0
+ knot_xdp_send_free@Base 3.3.0
+ knot_xdp_send_prepare@Base 3.3.0
+ knot_xdp_socket_info@Base 3.3.0
+ knot_xdp_socket_fd@Base 3.3.0
+ yp_addr@Base 3.3.0
+ yp_addr_noport@Base 3.3.0
+ yp_addr_noport_to_bin@Base 3.3.0
+ yp_addr_noport_to_txt@Base 3.3.0
+ yp_addr_range_to_bin@Base 3.3.0
+ yp_addr_range_to_txt@Base 3.3.0
+ yp_addr_to_bin@Base 3.3.0
+ yp_addr_to_txt@Base 3.3.0
+ yp_base64_to_bin@Base 3.3.0
+ yp_base64_to_txt@Base 3.3.0
+ yp_bool_to_bin@Base 3.3.0
+ yp_bool_to_txt@Base 3.3.0
+ yp_deinit@Base 3.3.0
+ yp_dname_to_bin@Base 3.3.0
+ yp_dname_to_txt@Base 3.3.0
+ yp_format_id@Base 3.3.0
+ yp_format_key0@Base 3.3.0
+ yp_format_key1@Base 3.3.0
+ yp_hex_to_bin@Base 3.3.0
+ yp_hex_to_txt@Base 3.3.0
+ yp_init@Base 3.3.0
+ yp_int_to_bin@Base 3.3.0
+ yp_int_to_txt@Base 3.3.0
+ yp_item_to_bin@Base 3.3.0
+ yp_item_to_txt@Base 3.3.0
+ yp_option_to_bin@Base 3.3.0
+ yp_option_to_txt@Base 3.3.0
+ yp_parse@Base 3.3.0
+ yp_schema_check_deinit@Base 3.3.0
+ yp_schema_check_init@Base 3.3.0
+ yp_schema_check_parser@Base 3.3.0
+ yp_schema_check_str@Base 3.3.0
+ yp_schema_copy@Base 3.3.0
+ yp_schema_find@Base 3.3.0
+ yp_schema_free@Base 3.3.0
+ yp_schema_merge@Base 3.3.0
+ yp_schema_purge_dynamic@Base 3.3.0
+ yp_set_input_file@Base 3.3.0
+ yp_set_input_string@Base 3.3.0
+ yp_str_to_bin@Base 3.3.0
+ yp_str_to_txt@Base 3.3.0
diff --git a/distro/pkg/deb-nolibxdp/libzscanner4.install b/distro/pkg/deb-nolibxdp/libzscanner4.install
new file mode 100644
index 0000000..a8dc226
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libzscanner4.install
@@ -0,0 +1 @@
+usr/lib/*/libzscanner.so.*
diff --git a/distro/pkg/deb-nolibxdp/libzscanner4.symbols b/distro/pkg/deb-nolibxdp/libzscanner4.symbols
new file mode 100644
index 0000000..99ac3b7
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/libzscanner4.symbols
@@ -0,0 +1,12 @@
+libzscanner.so.4 libzscanner4 #MINVER#
+* Build-Depends-Package: libknot-dev
+ zs_deinit@Base 3.1.0
+ zs_errorname@Base 3.1.0
+ zs_init@Base 3.1.0
+ zs_parse_all@Base 3.1.0
+ zs_parse_record@Base 3.1.0
+ zs_set_input_file@Base 3.1.0
+ zs_set_input_string@Base 3.1.0
+ zs_set_processing@Base 3.1.0
+ zs_set_processing_comment@Base 3.1.0
+ zs_strerror@Base 3.1.0
diff --git a/distro/pkg/deb-nolibxdp/not-installed b/distro/pkg/deb-nolibxdp/not-installed
new file mode 100644
index 0000000..c928be1
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/not-installed
@@ -0,0 +1 @@
+etc/knot/example.com.zone
diff --git a/distro/pkg/deb-nolibxdp/prepare-environment b/distro/pkg/deb-nolibxdp/prepare-environment
new file mode 100755
index 0000000..7176f5e
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/prepare-environment
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+CONFFILE=${1:-/etc/knot/knot.conf}
+
+if [ ! -r $CONFFILE ]; then
+ echo "$CONFFILE doesn't exist or has wrong permissions."
+ exit 1;
+fi
+
+KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE)
+[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot
+
+mkdir --parents "$KNOT_RUNDIR";
+
+KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+
+if [ -n "$KNOT_USER" ]; then
+ if ! getent passwd $KNOT_USER >/dev/null; then
+ echo "Configured user '$KNOT_USER' doesn't exist."
+ exit 1
+ fi
+
+ KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+ if [ -z "$KNOT_GROUP" ]; then
+ KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :)
+ fi
+
+ if ! getent group $KNOT_GROUP >/dev/null; then
+ echo "Configured group '$KNOT_GROUP' doesn't exist."
+ exit 1
+ fi
+ chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR"
+ chmod 775 "$KNOT_RUNDIR"
+fi
+
+:
diff --git a/distro/pkg/deb-nolibxdp/python3-libknot.install b/distro/pkg/deb-nolibxdp/python3-libknot.install
new file mode 100644
index 0000000..ce92dec
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/python3-libknot.install
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb-nolibxdp/rules b/distro/pkg/deb-nolibxdp/rules
new file mode 100755
index 0000000..82cc34b
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/rules
@@ -0,0 +1,101 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+# MAJOR.MINOR version part
+BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/')
+
+# pyproject is supported by knot but fails on second `pybuild --build`
+# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack
+export PYBUILD_SYSTEM = distutils
+
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --enable-xdp=yes \
+ --enable-quic=yes \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ pybuild --dir python/libknot --configure
+ pybuild --dir python/knot_exporter --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ pybuild --dir python/libknot --build
+ pybuild --dir python/knot_exporter --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ @if grep -E -q "DoQ support: +no" "$(CURDIR)/debian/tmp/usr/sbin/knotd"; then \
+ echo "Stripping the QUIC symbols"; \
+ sed -i '/knot_quic_/d' $(LIBKNOT_SYMBOLS); \
+ fi
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ pybuild --dir python/libknot --install
+ pybuild --dir python/knot_exporter --install
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(RUN_TEST) dh_auto_test
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/pkg/deb-nolibxdp/source/format b/distro/pkg/deb-nolibxdp/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/deb-nolibxdp/tests/authoritative-server b/distro/pkg/deb-nolibxdp/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/tests/authoritative-server
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# 2018-11-02
+# License: GPLv3+
+
+# error on exit
+set -e
+# for handling jobspecs:
+set -m
+
+if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
+ d="$(mktemp -d)"
+ remove="$d"
+else
+ d="$AUTOPKGTEST_ARTIFACTS"
+fi
+ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}"
+port="${PORT:-8123}"
+knotc="${KNOTC:-/usr/sbin/knotc}"
+knotd="${KNOTD:-/usr/sbin/knotd}"
+keymgr="${KEYMGR:-/usr/sbin/keymgr}"
+kdig="${KDIG:-$(command -v kdig)}"
+kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}"
+test_address="${TEST_ADDRESS:-192.0.2.199}"
+
+declare -a knot_conf="--config=$d/knot.conf"
+declare -a knot_args=("$knot_conf" --verbose)
+
+printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}"
+
+section() {
+ printf "\n%s\n" "$1"
+ sed 's/./-/g' <<<"$1"
+}
+
+cleanup () {
+ section "cleaning up"
+ find "$d" -ls
+ "${knotc}" "${knot_args[@]}" stop
+ wait %1
+ tail -n +1 -v "$d"/*.err
+ if [ "$remove" ]; then
+ printf "\ncleaning up working directory %s\n" "$remove"
+ rm -rf "$remove"
+ fi
+}
+trap cleanup EXIT
+
+section "set up config file and zonefile"
+
+user=$(id -nu)
+group=$(id -ng)
+cat > "$d/knot.conf" <<EOF
+server:
+ rundir: "$d"
+ listen: $ip@$port
+ user: $user:$group
+database:
+ storage: "$d"
+template:
+ - id: default
+ storage: "$d"
+ file: "%s.zone"
+zone:
+ - domain: example.net
+ dnssec-signing: on
+EOF
+
+cat > "$d/example.net.zone" <<EOF
+@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d
+@ 1D IN NS a.ns.example.net.
+@ 1D IN NS b.ns.example.net.
+a.ns 1D IN A 192.0.2.1
+b.ns 1D IN A 192.0.2.2
+test 1D IN A $test_address
+EOF
+
+find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v
+
+mkdir -p "${d}"
+
+section "kzonecheck'ing zonefile"
+"${kzonecheck}" -v "$d/example.net.zone"
+
+section "launching knot"
+"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" &
+
+# FIXME: this is an annoying poll -- would be better if we could be
+# alerted when the daemon is done setting up the socket, but i don't
+# want to "--daemonize" if i can avoid it because i want the shell to
+# remain in direct supervision of all its processes
+tried=0
+while [ $tried -lt 10 ] ; do
+ if "${knotc}" "${knot_args[@]}" status 2>&1; then
+ break;
+ fi
+ sleep 0.5
+ tried=$(( $tried + 1 ))
+done
+if [ $tried -ge 10 ]; then
+ printf "failed to use %s\n" "${knotc}" >&2
+ exit 1
+fi
+
+section "querying knot"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "" ]; then
+ printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2
+ exit 1
+fi
+
+section "modifying zone"
+printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone"
+sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone"
+"${knotc}" "${knot_args[@]}" reload
+sleep 1
+
+section "querying again"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "$test_address" ]; then
+ printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2
+ exit 1
+fi
+
+section "querying DNSSEC"
+"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec
+if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then
+ printf "DNSSEC query not successful" >&2
+ exit 1
+fi
+
+section "listing keys with keymgr"
+"${keymgr}" "$knot_conf" -e example.net. list
+if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then
+ printf "keymgr did not list KSK as expected" >&2
+ exit 1
+fi
diff --git a/distro/pkg/deb-nolibxdp/tests/control b/distro/pkg/deb-nolibxdp/tests/control
new file mode 100644
index 0000000..e8b3dcb
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/tests/control
@@ -0,0 +1,13 @@
+Tests: kdig
+Restrictions: skippable
+Depends:
+ ca-certificates,
+ iputils-ping,
+ knot-dnsutils,
+
+Tests: authoritative-server
+Depends:
+ findutils,
+ knot,
+ knot-dnsutils,
+ knot-dnssecutils,
diff --git a/distro/pkg/deb-nolibxdp/tests/kdig b/distro/pkg/deb-nolibxdp/tests/kdig
new file mode 100755
index 0000000..f1dbe5a
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/tests/kdig
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+# Skip the test if no internet access
+ping -c1 1.1.1.1 2>&1 || exit 77
+
+expected=198.41.0.4
+answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true)
+
+if [ "$answer" != "$expected" ]; then
+ printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2
+ kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A
+fi
diff --git a/distro/pkg/deb-nolibxdp/ufw/knot b/distro/pkg/deb-nolibxdp/ufw/knot
new file mode 100644
index 0000000..ee36916
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/ufw/knot
@@ -0,0 +1,4 @@
+[Knot]
+title=Internet Domain Name Server
+description=The Knot DNS implements an Internet domain name server.
+ports=53
diff --git a/distro/pkg/deb-nolibxdp/watch b/distro/pkg/deb-nolibxdp/watch
new file mode 100644
index 0000000..7cf9ea1
--- /dev/null
+++ b/distro/pkg/deb-nolibxdp/watch
@@ -0,0 +1,4 @@
+version=4
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/distro/pkg/deb-noxdp/changelog b/distro/pkg/deb-noxdp/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb-noxdp/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb-noxdp/clean b/distro/pkg/deb-noxdp/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb-noxdp/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb-noxdp/compat b/distro/pkg/deb-noxdp/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb-noxdp/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb-noxdp/control b/distro/pkg/deb-noxdp/control
new file mode 100644
index 0000000..147715a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/control
@@ -0,0 +1,287 @@
+Source: knot
+Section: net
+Priority: optional
+Maintainer: Knot DNS <knot-dns@labs.nic.cz>
+Uploaders:
+ Jakub Ružička <jakub.ruzicka@nic.cz>,
+ Daniel Salzman <daniel.salzman@nic.cz>,
+Build-Depends-Indep:
+ python3-setuptools,
+ python3-sphinx,
+Build-Depends:
+ autoconf,
+ automake,
+ debhelper (>= 11),
+ dh-python,
+ libcap-ng-dev,
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libidn2-dev,
+ liblmdb-dev,
+ libmaxminddb-dev,
+ libmnl-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsofthsm2 <!nocheck>,
+ libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any],
+ libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any],
+ libtool,
+ liburcu-dev,
+ pkg-config,
+ protobuf-c-compiler,
+ python3-all,
+Standards-Version: 4.5.0
+Homepage: https://www.knot-dns.cz/
+Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns
+Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git
+Rules-Requires-Root: no
+
+Package: knot
+Architecture: any
+Depends:
+ adduser,
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ lsb-base (>= 3.0-6),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Pre-Depends:
+ ${misc:Pre-Depends},
+Suggests:
+ systemd,
+Description: Authoritative domain name server
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+
+Package: libknot14
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a DNS shared library used by Knot DNS and
+ Knot Resolver.
+
+Package: libzscanner4
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS zone-parsing shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a fast zone parser shared library used by Knot
+ DNS and Knot Resolver.
+
+Package: libdnssec9
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNSSEC shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides common DNSSEC shared library used by Knot DNS
+ and Knot Resolver.
+
+Package: libknot-dev
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libgnutls28-dev,
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libdevel
+Description: Knot DNS shared library development files
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides development files for shared libraries from Knot DNS.
+
+Package: knot-dnsutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNS clients provided with Knot DNS (kdig, knsupdate)
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNS client programs from Knot DNS.
+ .
+ - kdig - query a DNS server in various ways
+ - knsupdate - perform dynamic updates (See RFC2136)
+ .
+ Those clients were designed to be almost 1:1 compatible with BIND dnsutils,
+ but they provide some enhancements, which are documented.
+ .
+ WARNING: knslookup is not provided as it is considered obsolete.
+
+Package: knot-dnssecutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNSSEC tools provided with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNSSEC tools from Knot DNS.
+ .
+ - kzonecheck
+ - kzonesign
+ - knsec3hash
+
+Package: knot-host
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Version of 'host' bundled with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides the 'host' program from Knot DNS. This program is
+ designed to be almost 1:1 compatible with BIND 9.x 'host' program.
+
+Package: knot-module-dnstap
+Architecture: any
+Multi-Arch: same
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains dnstap module for logging DNS traffic.
+
+Package: knot-module-geoip
+Architecture: any
+Multi-Arch: same
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: geoip module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains geoip module for geography-based responses.
+
+Package: knot-doc
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ libjs-jquery,
+ libjs-sphinxdoc,
+ libjs-underscore,
+ ${misc:Depends},
+Section: doc
+Description: Documentation for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides various documents that are useful for
+ maintaining a working Knot DNS installation.
+
+Package: knot-exporter
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Prometheus exporter for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python Prometheus exporter for Knot DNS.
+
+Package: python3-libknot
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Python bindings for libknot
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python bindings for the libknot shared library.
diff --git a/distro/pkg/deb-noxdp/copyright b/distro/pkg/deb-noxdp/copyright
new file mode 100644
index 0000000..20c8b97
--- /dev/null
+++ b/distro/pkg/deb-noxdp/copyright
@@ -0,0 +1,179 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Knot DNS
+Upstream-Contact: knot-dns@labs.nic.cz
+Source: https://secure.nic.cz/files/knot-dns/
+
+Files: *
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: m4/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1996-2001, 2003-2015 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: install-sh
+Copyright: 1994 X Consortium
+License: MIT
+
+Files: debian/* distro/pkg/deb/*
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2011 Ondřej Surý <ondrej@debian.org>
+License: GPL-3+
+
+Files: tests/tap/*
+Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu>
+ 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University
+License: MIT
+
+Files: tests/tap/files.*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/dnstap/*
+Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com>
+ 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/libngtcp2/*
+Copyright: 2016-2023 ngtcp2 contributors
+ 2012-2017 nghttp2 contributors
+License: MIT
+
+Files: src/contrib/musl/*
+Copyright: 2005-2020 Rich Felker, et al.
+License: MIT
+
+Files: src/contrib/openbsd/siphash.*
+Copyright: 2013 Andre Oppermann <andre@FreeBSD.org>
+License: BSD-3-Clause
+
+Files: src/contrib/openbsd/strl*
+Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+License: 0BSD
+
+Files: src/contrib/proxyv2/*
+Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2021 Fastly, Inc.
+License: GPL-3+
+
+Files: src/contrib/qp-trie/*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2018 Tony Finch <dot@dotat.at>
+License: GPL-3+
+
+Files: src/contrib/ucw/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1997-2017 Martin Mares <mj@ucw.cz>
+ 2007 Pavel Charvat <pchar@ucw.cz>
+ 2012 Ondrej Filip <feela@network.cz>
+License: LGPL-2.0
+
+Files: src/contrib/ucw/heap.h
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/url-parser/*
+Copyright: 2020 Igor Sysoev
+ 2020 Nginx, Inc.
+ 2020 Joyent, Inc.
+License: MIT
+
+Files: src/contrib/vpool/*
+Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org>
+License: 0BSD
+
+Files: tests-fuzz/main.c
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2017 Tim Ruehsen
+License: MIT
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: LGPL-2.0
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+ .
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+
+License: 0BSD
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ 1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
diff --git a/distro/pkg/deb-noxdp/cz.nic.knotd.conf b/distro/pkg/deb-noxdp/cz.nic.knotd.conf
new file mode 100644
index 0000000..50af87a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/cz.nic.knotd.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb-noxdp/docs b/distro/pkg/deb-noxdp/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb-noxdp/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb-noxdp/knot-dnssecutils.install b/distro/pkg/deb-noxdp/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb-noxdp/knot-dnssecutils.manpages b/distro/pkg/deb-noxdp/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb-noxdp/knot-dnsutils.install b/distro/pkg/deb-noxdp/knot-dnsutils.install
new file mode 100644
index 0000000..960fa92
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnsutils.install
@@ -0,0 +1,2 @@
+usr/bin/kdig
+usr/bin/knsupdate
diff --git a/distro/pkg/deb-noxdp/knot-dnsutils.manpages b/distro/pkg/deb-noxdp/knot-dnsutils.manpages
new file mode 100644
index 0000000..3cc29ec
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-dnsutils.manpages
@@ -0,0 +1,2 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
diff --git a/distro/pkg/deb-noxdp/knot-doc.install b/distro/pkg/deb-noxdp/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb-noxdp/knot-doc.links b/distro/pkg/deb-noxdp/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb-noxdp/knot-exporter.install b/distro/pkg/deb-noxdp/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb-noxdp/knot-host.install b/distro/pkg/deb-noxdp/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb-noxdp/knot-host.manpages b/distro/pkg/deb-noxdp/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb-noxdp/knot-module-dnstap.install b/distro/pkg/deb-noxdp/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb-noxdp/knot-module-geoip.install b/distro/pkg/deb-noxdp/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb-noxdp/knot.dirs b/distro/pkg/deb-noxdp/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb-noxdp/knot.init b/distro/pkg/deb-noxdp/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.init
@@ -0,0 +1,149 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+RUNDIR=/run/knot
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS=""
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_mkrundir() {
+ mkdir -p $RUNDIR
+ chmod 0755 $RUNDIR
+ chown knot:knot $RUNDIR
+}
+
+case "$1" in
+ start)
+ do_mkrundir
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/pkg/deb-noxdp/knot.install b/distro/pkg/deb-noxdp/knot.install
new file mode 100644
index 0000000..5c716fc
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.install
@@ -0,0 +1,8 @@
+debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
diff --git a/distro/pkg/deb-noxdp/knot.manpages b/distro/pkg/deb-noxdp/knot.manpages
new file mode 100644
index 0000000..5d23e9f
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.manpages
@@ -0,0 +1,6 @@
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
diff --git a/distro/pkg/deb-noxdp/knot.postinst b/distro/pkg/deb-noxdp/knot.postinst
new file mode 100644
index 0000000..da747c8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-noxdp/knot.postrm b/distro/pkg/deb-noxdp/knot.postrm
new file mode 100644
index 0000000..14b3d69
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ state_dir=/var/lib/knot
+ for db_name in "catalog" "confdb" "journal" "keys" "timers"; do
+ rm -rf $state_dir/$db_name >/dev/null 2>&1 || true
+ done
+ rmdir $state_dir >/dev/null 2>&1 || true
+ [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check."
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true
+
+ deluser --quiet knot >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb-noxdp/knot.service b/distro/pkg/deb-noxdp/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/deb-noxdp/libdnssec9.install b/distro/pkg/deb-noxdp/libdnssec9.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libdnssec9.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/pkg/deb-noxdp/libdnssec9.symbols b/distro/pkg/deb-noxdp/libdnssec9.symbols
new file mode 100644
index 0000000..c3ab2ed
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libdnssec9.symbols
@@ -0,0 +1,96 @@
+libdnssec.so.9 libdnssec9 #MINVER#
+* Build-Depends-Package: libknot-dev
+ dnssec_algorithm_digest_support@Base 3.2.0
+ dnssec_algorithm_key_size_check@Base 3.2.0
+ dnssec_algorithm_key_size_default@Base 3.2.0
+ dnssec_algorithm_key_size_range@Base 3.2.0
+ dnssec_algorithm_key_support@Base 3.2.0
+ dnssec_algorithm_reproducible@Base 3.2.0
+ dnssec_binary_alloc@Base 3.2.0
+ dnssec_binary_cmp@Base 3.2.0
+ dnssec_binary_dup@Base 3.2.0
+ dnssec_binary_free@Base 3.2.0
+ dnssec_binary_from_base64@Base 3.2.0
+ dnssec_binary_resize@Base 3.2.0
+ dnssec_binary_to_base64@Base 3.2.0
+ dnssec_crypto_cleanup@Base 3.2.0
+ dnssec_crypto_init@Base 3.2.0
+ dnssec_crypto_reinit@Base 3.2.0
+ dnssec_digest@Base 3.2.0
+ dnssec_digest_finish@Base 3.2.0
+ dnssec_digest_init@Base 3.2.0
+ dnssec_key_can_sign@Base 3.2.0
+ dnssec_key_can_verify@Base 3.2.0
+ dnssec_key_clear@Base 3.2.0
+ dnssec_key_create_ds@Base 3.2.0
+ dnssec_key_dup@Base 3.2.0
+ dnssec_key_free@Base 3.2.0
+ dnssec_key_get_algorithm@Base 3.2.0
+ dnssec_key_get_dname@Base 3.2.0
+ dnssec_key_get_flags@Base 3.2.0
+ dnssec_key_get_keyid@Base 3.2.0
+ dnssec_key_get_keytag@Base 3.2.0
+ dnssec_key_get_protocol@Base 3.2.0
+ dnssec_key_get_pubkey@Base 3.2.0
+ dnssec_key_get_rdata@Base 3.2.0
+ dnssec_key_get_size@Base 3.2.0
+ dnssec_key_load_pkcs8@Base 3.2.0
+ dnssec_key_new@Base 3.2.0
+ dnssec_key_set_algorithm@Base 3.2.0
+ dnssec_key_set_dname@Base 3.2.0
+ dnssec_key_set_flags@Base 3.2.0
+ dnssec_key_set_protocol@Base 3.2.0
+ dnssec_key_set_pubkey@Base 3.2.0
+ dnssec_key_set_rdata@Base 3.2.0
+ dnssec_keyid_copy@Base 3.2.0
+ dnssec_keyid_equal@Base 3.2.0
+ dnssec_keyid_is_valid@Base 3.2.0
+ dnssec_keyid_normalize@Base 3.2.0
+ dnssec_keystore_close@Base 3.2.0
+ dnssec_keystore_deinit@Base 3.2.0
+ dnssec_keystore_generate@Base 3.2.0
+ dnssec_keystore_get_private@Base 3.2.0
+ dnssec_keystore_import@Base 3.2.0
+ dnssec_keystore_init@Base 3.2.0
+ dnssec_keystore_init_pkcs11@Base 3.2.0
+ dnssec_keystore_init_pkcs8@Base 3.2.0
+ dnssec_keystore_open@Base 3.2.0
+ dnssec_keystore_remove@Base 3.2.0
+ dnssec_keystore_set_private@Base 3.2.0
+ dnssec_keytag@Base 3.2.0
+ dnssec_nsec3_hash@Base 3.2.0
+ dnssec_nsec3_hash_length@Base 3.2.0
+ dnssec_nsec3_params_free@Base 3.2.0
+ dnssec_nsec3_params_from_rdata@Base 3.2.0
+ dnssec_nsec3_params_match@Base 3.2.0
+ dnssec_nsec_bitmap_add@Base 3.2.0
+ dnssec_nsec_bitmap_clear@Base 3.2.0
+ dnssec_nsec_bitmap_contains@Base 3.2.0
+ dnssec_nsec_bitmap_free@Base 3.2.0
+ dnssec_nsec_bitmap_new@Base 3.2.0
+ dnssec_nsec_bitmap_size@Base 3.2.0
+ dnssec_nsec_bitmap_write@Base 3.2.0
+ dnssec_pem_from_privkey@Base 3.2.0
+ dnssec_pem_from_x509@Base 3.2.0
+ dnssec_pem_to_privkey@Base 3.2.0
+ dnssec_pem_to_x509@Base 3.2.0
+ dnssec_random_binary@Base 3.2.0
+ dnssec_random_buffer@Base 3.2.0
+ dnssec_sign_add@Base 3.2.0
+ dnssec_sign_free@Base 3.2.0
+ dnssec_sign_init@Base 3.2.0
+ dnssec_sign_new@Base 3.2.0
+ dnssec_sign_verify@Base 3.2.0
+ dnssec_sign_write@Base 3.2.0
+ dnssec_strerror@Base 3.2.0
+ dnssec_tsig_add@Base 3.2.0
+ dnssec_tsig_algorithm_from_dname@Base 3.2.0
+ dnssec_tsig_algorithm_from_name@Base 3.2.0
+ dnssec_tsig_algorithm_size@Base 3.2.0
+ dnssec_tsig_algorithm_to_dname@Base 3.2.0
+ dnssec_tsig_algorithm_to_name@Base 3.2.0
+ dnssec_tsig_free@Base 3.2.0
+ dnssec_tsig_new@Base 3.2.0
+ dnssec_tsig_optimal_key_size@Base 3.2.0
+ dnssec_tsig_size@Base 3.2.0
+ dnssec_tsig_write@Base 3.2.0
diff --git a/distro/pkg/deb-noxdp/libknot-dev.install b/distro/pkg/deb-noxdp/libknot-dev.install
new file mode 100644
index 0000000..cb60d88
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libknot-dev.install
@@ -0,0 +1,3 @@
+usr/include/
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*
diff --git a/distro/pkg/deb-noxdp/libknot14.install b/distro/pkg/deb-noxdp/libknot14.install
new file mode 100644
index 0000000..f9b9f93
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libknot14.install
@@ -0,0 +1 @@
+usr/lib/*/libknot.so.*
diff --git a/distro/pkg/deb-noxdp/libknot14.symbols b/distro/pkg/deb-noxdp/libknot14.symbols
new file mode 100644
index 0000000..9a30548
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libknot14.symbols
@@ -0,0 +1,225 @@
+libknot.so.14 libknot14 #MINVER#
+ KNOT_DB_LMDB_DUPSORT@Base 3.3.0
+ KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0
+ KNOT_DB_LMDB_MAPASYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOSYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOTLS@Base 3.3.0
+ KNOT_DB_LMDB_RDONLY@Base 3.3.0
+ KNOT_DB_LMDB_WRITEMAP@Base 3.3.0
+ KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0
+ knot_ctl_accept@Base 3.3.0
+ knot_ctl_alloc@Base 3.3.0
+ knot_ctl_bind@Base 3.3.0
+ knot_ctl_close@Base 3.3.0
+ knot_ctl_connect@Base 3.3.0
+ knot_ctl_free@Base 3.3.0
+ knot_ctl_receive@Base 3.3.0
+ knot_ctl_send@Base 3.3.0
+ knot_ctl_set_timeout@Base 3.3.0
+ knot_ctl_unbind@Base 3.3.0
+ knot_db_lmdb_api@Base 3.3.0
+ knot_db_lmdb_del_exact@Base 3.3.0
+ knot_db_lmdb_get_mapsize@Base 3.3.0
+ knot_db_lmdb_get_path@Base 3.3.0
+ knot_db_lmdb_get_usage@Base 3.3.0
+ knot_db_lmdb_iter_del@Base 3.3.0
+ knot_db_lmdb_txn_begin@Base 3.3.0
+ knot_db_trie_api@Base 3.3.0
+ knot_dname_cmp@Base 3.3.0
+ knot_dname_copy@Base 3.3.0
+ knot_dname_copy_lower@Base 3.3.0
+ knot_dname_free@Base 3.3.0
+ knot_dname_from_str@Base 3.3.0
+ knot_dname_in_bailiwick@Base 3.3.0
+ knot_dname_is_case_equal@Base 3.3.0
+ knot_dname_is_equal@Base 3.3.0
+ knot_dname_labels@Base 3.3.0
+ knot_dname_lf@Base 3.3.0
+ knot_dname_matched_labels@Base 3.3.0
+ knot_dname_prefixlen@Base 3.3.0
+ knot_dname_realsize@Base 3.3.0
+ knot_dname_replace_suffix@Base 3.3.0
+ knot_dname_size@Base 3.3.0
+ knot_dname_store@Base 3.3.0
+ knot_dname_to_lower@Base 3.3.0
+ knot_dname_to_str@Base 3.3.0
+ knot_dname_to_wire@Base 3.3.0
+ knot_dname_unpack@Base 3.3.0
+ knot_dname_wire_check@Base 3.3.0
+ knot_dnssec_alg_names@Base 3.3.0
+ knot_edns_add_option@Base 3.3.0
+ knot_edns_alignment_size@Base 3.3.0
+ knot_edns_chain_parse@Base 3.3.0
+ knot_edns_chain_size@Base 3.3.0
+ knot_edns_chain_write@Base 3.3.0
+ knot_edns_client_subnet_get_addr@Base 3.3.0
+ knot_edns_client_subnet_parse@Base 3.3.0
+ knot_edns_client_subnet_set_addr@Base 3.3.0
+ knot_edns_client_subnet_size@Base 3.3.0
+ knot_edns_client_subnet_write@Base 3.3.0
+ knot_edns_cookie_client_check@Base 3.3.0
+ knot_edns_cookie_client_generate@Base 3.3.0
+ knot_edns_cookie_parse@Base 3.3.0
+ knot_edns_cookie_server_check@Base 3.3.0
+ knot_edns_cookie_server_generate@Base 3.3.0
+ knot_edns_cookie_size@Base 3.3.0
+ knot_edns_cookie_write@Base 3.3.0
+ knot_edns_ede_names@Base 3.3.0
+ knot_edns_get_ext_rcode@Base 3.3.0
+ knot_edns_get_option@Base 3.3.0
+ knot_edns_get_options@Base 3.3.0
+ knot_edns_get_version@Base 3.3.0
+ knot_edns_init@Base 3.3.0
+ knot_edns_keepalive_parse@Base 3.3.0
+ knot_edns_keepalive_size@Base 3.3.0
+ knot_edns_keepalive_write@Base 3.3.0
+ knot_edns_opt_names@Base 3.3.0
+ knot_edns_reserve_option@Base 3.3.0
+ knot_edns_set_ext_rcode@Base 3.3.0
+ knot_edns_set_version@Base 3.3.0
+ knot_error_from_libdnssec@Base 3.3.0
+ knot_get_obsolete_rdata_descriptor@Base 3.3.0
+ knot_get_rdata_descriptor@Base 3.3.0
+ knot_naptr_header_size@Base 3.3.0
+ knot_opcode_names@Base 3.3.0
+ knot_opt_code_to_string@Base 3.3.0
+ knot_pkt_begin@Base 3.3.0
+ knot_pkt_clear@Base 3.3.0
+ knot_pkt_copy@Base 3.3.0
+ knot_pkt_ext_rcode@Base 3.3.0
+ knot_pkt_ext_rcode_name@Base 3.3.0
+ knot_pkt_free@Base 3.3.0
+ knot_pkt_init_response@Base 3.3.0
+ knot_pkt_new@Base 3.3.0
+ knot_pkt_parse@Base 3.3.0
+ knot_pkt_parse_question@Base 3.3.0
+ knot_pkt_put_question@Base 3.3.0
+ knot_pkt_put_rotate@Base 3.3.0
+ knot_pkt_reclaim@Base 3.3.0
+ knot_pkt_reserve@Base 3.3.0
+ knot_probe_alloc@Base 3.3.0
+ knot_probe_consume@Base 3.3.0
+ knot_probe_data_set@Base 3.3.0
+ knot_probe_fd@Base 3.3.0
+ knot_probe_free@Base 3.3.0
+ knot_probe_produce@Base 3.3.0
+ knot_probe_set_consumer@Base 3.3.0
+ knot_probe_set_producer@Base 3.3.0
+ knot_probe_tcp_rtt@Base 3.3.0
+ knot_rcode_names@Base 3.3.0
+ knot_rdataset_add@Base 3.3.0
+ knot_rdataset_at@Base 3.3.0
+ knot_rdataset_clear@Base 3.3.0
+ knot_rdataset_copy@Base 3.3.0
+ knot_rdataset_eq@Base 3.3.0
+ knot_rdataset_intersect@Base 3.3.0
+ knot_rdataset_intersect2@Base 3.3.0
+ knot_rdataset_member@Base 3.3.0
+ knot_rdataset_merge@Base 3.3.0
+ knot_rdataset_subset@Base 3.3.0
+ knot_rdataset_subtract@Base 3.3.0
+ knot_rrclass_from_string@Base 3.3.0
+ knot_rrclass_to_string@Base 3.3.0
+ knot_rrset_add_rdata@Base 3.3.0
+ knot_rrset_clear@Base 3.3.0
+ knot_rrset_copy@Base 3.3.0
+ knot_rrset_equal@Base 3.3.0
+ knot_rrset_free@Base 3.3.0
+ knot_rrset_is_nsec3rel@Base 3.3.0
+ knot_rrset_new@Base 3.3.0
+ knot_rrset_rr_from_wire@Base 3.3.0
+ knot_rrset_rr_to_canonical@Base 3.3.0
+ knot_rrset_size@Base 3.3.0
+ knot_rrset_to_wire_extra@Base 3.3.0
+ knot_rrset_txt_dump@Base 3.3.0
+ knot_rrset_txt_dump_data@Base 3.3.0
+ knot_rrset_txt_dump_edns@Base 3.3.0
+ knot_rrset_txt_dump_header@Base 3.3.0
+ knot_rrtype_additional_needed@Base 3.3.0
+ knot_rrtype_from_string@Base 3.3.0
+ knot_rrtype_is_dnssec@Base 3.3.0
+ knot_rrtype_is_metatype@Base 3.3.0
+ knot_rrtype_should_be_lowercased@Base 3.3.0
+ knot_rrtype_to_string@Base 3.3.0
+ knot_strerror@Base 3.3.0
+ knot_svcb_param_names@Base 3.3.0
+ knot_tcp_inbufs_upd@Base 3.3.0
+ knot_tcp_outbufs_ack@Base 3.3.0
+ knot_tcp_outbufs_add@Base 3.3.0
+ knot_tcp_outbufs_can_send@Base 3.3.0
+ knot_tcp_outbufs_usage@Base 3.3.0
+ knot_tsig_add@Base 3.3.0
+ knot_tsig_append@Base 3.3.0
+ knot_tsig_client_check@Base 3.3.0
+ knot_tsig_client_check_next@Base 3.3.0
+ knot_tsig_create_rdata@Base 3.3.0
+ knot_tsig_key_copy@Base 3.3.0
+ knot_tsig_key_deinit@Base 3.3.0
+ knot_tsig_key_init@Base 3.3.0
+ knot_tsig_key_init_file@Base 3.3.0
+ knot_tsig_key_init_str@Base 3.3.0
+ knot_tsig_rcode_names@Base 3.3.0
+ knot_tsig_rdata_alg@Base 3.3.0
+ knot_tsig_rdata_alg_name@Base 3.3.0
+ knot_tsig_rdata_error@Base 3.3.0
+ knot_tsig_rdata_fudge@Base 3.3.0
+ knot_tsig_rdata_is_ok@Base 3.3.0
+ knot_tsig_rdata_mac@Base 3.3.0
+ knot_tsig_rdata_mac_length@Base 3.3.0
+ knot_tsig_rdata_orig_id@Base 3.3.0
+ knot_tsig_rdata_other_data@Base 3.3.0
+ knot_tsig_rdata_other_data_length@Base 3.3.0
+ knot_tsig_rdata_set_fudge@Base 3.3.0
+ knot_tsig_rdata_set_mac@Base 3.3.0
+ knot_tsig_rdata_set_orig_id@Base 3.3.0
+ knot_tsig_rdata_set_other_data@Base 3.3.0
+ knot_tsig_rdata_set_time_signed@Base 3.3.0
+ knot_tsig_rdata_time_signed@Base 3.3.0
+ knot_tsig_rdata_tsig_timers_length@Base 3.3.0
+ knot_tsig_rdata_tsig_variables_length@Base 3.3.0
+ knot_tsig_server_check@Base 3.3.0
+ knot_tsig_sign@Base 3.3.0
+ knot_tsig_sign_next@Base 3.3.0
+ knot_tsig_wire_maxsize@Base 3.3.0
+ knot_tsig_wire_size@Base 3.3.0
+ yp_addr@Base 3.3.0
+ yp_addr_noport@Base 3.3.0
+ yp_addr_noport_to_bin@Base 3.3.0
+ yp_addr_noport_to_txt@Base 3.3.0
+ yp_addr_range_to_bin@Base 3.3.0
+ yp_addr_range_to_txt@Base 3.3.0
+ yp_addr_to_bin@Base 3.3.0
+ yp_addr_to_txt@Base 3.3.0
+ yp_base64_to_bin@Base 3.3.0
+ yp_base64_to_txt@Base 3.3.0
+ yp_bool_to_bin@Base 3.3.0
+ yp_bool_to_txt@Base 3.3.0
+ yp_deinit@Base 3.3.0
+ yp_dname_to_bin@Base 3.3.0
+ yp_dname_to_txt@Base 3.3.0
+ yp_format_id@Base 3.3.0
+ yp_format_key0@Base 3.3.0
+ yp_format_key1@Base 3.3.0
+ yp_hex_to_bin@Base 3.3.0
+ yp_hex_to_txt@Base 3.3.0
+ yp_init@Base 3.3.0
+ yp_int_to_bin@Base 3.3.0
+ yp_int_to_txt@Base 3.3.0
+ yp_item_to_bin@Base 3.3.0
+ yp_item_to_txt@Base 3.3.0
+ yp_option_to_bin@Base 3.3.0
+ yp_option_to_txt@Base 3.3.0
+ yp_parse@Base 3.3.0
+ yp_schema_check_deinit@Base 3.3.0
+ yp_schema_check_init@Base 3.3.0
+ yp_schema_check_parser@Base 3.3.0
+ yp_schema_check_str@Base 3.3.0
+ yp_schema_copy@Base 3.3.0
+ yp_schema_find@Base 3.3.0
+ yp_schema_free@Base 3.3.0
+ yp_schema_merge@Base 3.3.0
+ yp_schema_purge_dynamic@Base 3.3.0
+ yp_set_input_file@Base 3.3.0
+ yp_set_input_string@Base 3.3.0
+ yp_str_to_bin@Base 3.3.0
+ yp_str_to_txt@Base 3.3.0
diff --git a/distro/pkg/deb-noxdp/libzscanner4.install b/distro/pkg/deb-noxdp/libzscanner4.install
new file mode 100644
index 0000000..a8dc226
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libzscanner4.install
@@ -0,0 +1 @@
+usr/lib/*/libzscanner.so.*
diff --git a/distro/pkg/deb-noxdp/libzscanner4.symbols b/distro/pkg/deb-noxdp/libzscanner4.symbols
new file mode 100644
index 0000000..99ac3b7
--- /dev/null
+++ b/distro/pkg/deb-noxdp/libzscanner4.symbols
@@ -0,0 +1,12 @@
+libzscanner.so.4 libzscanner4 #MINVER#
+* Build-Depends-Package: libknot-dev
+ zs_deinit@Base 3.1.0
+ zs_errorname@Base 3.1.0
+ zs_init@Base 3.1.0
+ zs_parse_all@Base 3.1.0
+ zs_parse_record@Base 3.1.0
+ zs_set_input_file@Base 3.1.0
+ zs_set_input_string@Base 3.1.0
+ zs_set_processing@Base 3.1.0
+ zs_set_processing_comment@Base 3.1.0
+ zs_strerror@Base 3.1.0
diff --git a/distro/pkg/deb-noxdp/not-installed b/distro/pkg/deb-noxdp/not-installed
new file mode 100644
index 0000000..c928be1
--- /dev/null
+++ b/distro/pkg/deb-noxdp/not-installed
@@ -0,0 +1 @@
+etc/knot/example.com.zone
diff --git a/distro/pkg/deb-noxdp/prepare-environment b/distro/pkg/deb-noxdp/prepare-environment
new file mode 100755
index 0000000..7176f5e
--- /dev/null
+++ b/distro/pkg/deb-noxdp/prepare-environment
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+CONFFILE=${1:-/etc/knot/knot.conf}
+
+if [ ! -r $CONFFILE ]; then
+ echo "$CONFFILE doesn't exist or has wrong permissions."
+ exit 1;
+fi
+
+KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE)
+[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot
+
+mkdir --parents "$KNOT_RUNDIR";
+
+KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+
+if [ -n "$KNOT_USER" ]; then
+ if ! getent passwd $KNOT_USER >/dev/null; then
+ echo "Configured user '$KNOT_USER' doesn't exist."
+ exit 1
+ fi
+
+ KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+ if [ -z "$KNOT_GROUP" ]; then
+ KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :)
+ fi
+
+ if ! getent group $KNOT_GROUP >/dev/null; then
+ echo "Configured group '$KNOT_GROUP' doesn't exist."
+ exit 1
+ fi
+ chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR"
+ chmod 775 "$KNOT_RUNDIR"
+fi
+
+:
diff --git a/distro/pkg/deb-noxdp/python3-libknot.install b/distro/pkg/deb-noxdp/python3-libknot.install
new file mode 100644
index 0000000..ce92dec
--- /dev/null
+++ b/distro/pkg/deb-noxdp/python3-libknot.install
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb-noxdp/rules b/distro/pkg/deb-noxdp/rules
new file mode 100755
index 0000000..2372f70
--- /dev/null
+++ b/distro/pkg/deb-noxdp/rules
@@ -0,0 +1,95 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+# MAJOR.MINOR version part
+BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/')
+
+# pyproject is supported by knot but fails on second `pybuild --build`
+# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack
+export PYBUILD_SYSTEM = distutils
+
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ pybuild --dir python/libknot --configure
+ pybuild --dir python/knot_exporter --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ pybuild --dir python/libknot --build
+ pybuild --dir python/knot_exporter --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ pybuild --dir python/libknot --install
+ pybuild --dir python/knot_exporter --install
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(RUN_TEST) dh_auto_test
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/pkg/deb-noxdp/source/format b/distro/pkg/deb-noxdp/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb-noxdp/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/deb-noxdp/tests/authoritative-server b/distro/pkg/deb-noxdp/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/pkg/deb-noxdp/tests/authoritative-server
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# 2018-11-02
+# License: GPLv3+
+
+# error on exit
+set -e
+# for handling jobspecs:
+set -m
+
+if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
+ d="$(mktemp -d)"
+ remove="$d"
+else
+ d="$AUTOPKGTEST_ARTIFACTS"
+fi
+ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}"
+port="${PORT:-8123}"
+knotc="${KNOTC:-/usr/sbin/knotc}"
+knotd="${KNOTD:-/usr/sbin/knotd}"
+keymgr="${KEYMGR:-/usr/sbin/keymgr}"
+kdig="${KDIG:-$(command -v kdig)}"
+kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}"
+test_address="${TEST_ADDRESS:-192.0.2.199}"
+
+declare -a knot_conf="--config=$d/knot.conf"
+declare -a knot_args=("$knot_conf" --verbose)
+
+printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}"
+
+section() {
+ printf "\n%s\n" "$1"
+ sed 's/./-/g' <<<"$1"
+}
+
+cleanup () {
+ section "cleaning up"
+ find "$d" -ls
+ "${knotc}" "${knot_args[@]}" stop
+ wait %1
+ tail -n +1 -v "$d"/*.err
+ if [ "$remove" ]; then
+ printf "\ncleaning up working directory %s\n" "$remove"
+ rm -rf "$remove"
+ fi
+}
+trap cleanup EXIT
+
+section "set up config file and zonefile"
+
+user=$(id -nu)
+group=$(id -ng)
+cat > "$d/knot.conf" <<EOF
+server:
+ rundir: "$d"
+ listen: $ip@$port
+ user: $user:$group
+database:
+ storage: "$d"
+template:
+ - id: default
+ storage: "$d"
+ file: "%s.zone"
+zone:
+ - domain: example.net
+ dnssec-signing: on
+EOF
+
+cat > "$d/example.net.zone" <<EOF
+@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d
+@ 1D IN NS a.ns.example.net.
+@ 1D IN NS b.ns.example.net.
+a.ns 1D IN A 192.0.2.1
+b.ns 1D IN A 192.0.2.2
+test 1D IN A $test_address
+EOF
+
+find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v
+
+mkdir -p "${d}"
+
+section "kzonecheck'ing zonefile"
+"${kzonecheck}" -v "$d/example.net.zone"
+
+section "launching knot"
+"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" &
+
+# FIXME: this is an annoying poll -- would be better if we could be
+# alerted when the daemon is done setting up the socket, but i don't
+# want to "--daemonize" if i can avoid it because i want the shell to
+# remain in direct supervision of all its processes
+tried=0
+while [ $tried -lt 10 ] ; do
+ if "${knotc}" "${knot_args[@]}" status 2>&1; then
+ break;
+ fi
+ sleep 0.5
+ tried=$(( $tried + 1 ))
+done
+if [ $tried -ge 10 ]; then
+ printf "failed to use %s\n" "${knotc}" >&2
+ exit 1
+fi
+
+section "querying knot"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "" ]; then
+ printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2
+ exit 1
+fi
+
+section "modifying zone"
+printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone"
+sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone"
+"${knotc}" "${knot_args[@]}" reload
+sleep 1
+
+section "querying again"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "$test_address" ]; then
+ printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2
+ exit 1
+fi
+
+section "querying DNSSEC"
+"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec
+if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then
+ printf "DNSSEC query not successful" >&2
+ exit 1
+fi
+
+section "listing keys with keymgr"
+"${keymgr}" "$knot_conf" -e example.net. list
+if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then
+ printf "keymgr did not list KSK as expected" >&2
+ exit 1
+fi
diff --git a/distro/pkg/deb-noxdp/tests/control b/distro/pkg/deb-noxdp/tests/control
new file mode 100644
index 0000000..e8b3dcb
--- /dev/null
+++ b/distro/pkg/deb-noxdp/tests/control
@@ -0,0 +1,13 @@
+Tests: kdig
+Restrictions: skippable
+Depends:
+ ca-certificates,
+ iputils-ping,
+ knot-dnsutils,
+
+Tests: authoritative-server
+Depends:
+ findutils,
+ knot,
+ knot-dnsutils,
+ knot-dnssecutils,
diff --git a/distro/pkg/deb-noxdp/tests/kdig b/distro/pkg/deb-noxdp/tests/kdig
new file mode 100755
index 0000000..f1dbe5a
--- /dev/null
+++ b/distro/pkg/deb-noxdp/tests/kdig
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+# Skip the test if no internet access
+ping -c1 1.1.1.1 2>&1 || exit 77
+
+expected=198.41.0.4
+answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true)
+
+if [ "$answer" != "$expected" ]; then
+ printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2
+ kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A
+fi
diff --git a/distro/pkg/deb-noxdp/ufw/knot b/distro/pkg/deb-noxdp/ufw/knot
new file mode 100644
index 0000000..ee36916
--- /dev/null
+++ b/distro/pkg/deb-noxdp/ufw/knot
@@ -0,0 +1,4 @@
+[Knot]
+title=Internet Domain Name Server
+description=The Knot DNS implements an Internet domain name server.
+ports=53
diff --git a/distro/pkg/deb-noxdp/watch b/distro/pkg/deb-noxdp/watch
new file mode 100644
index 0000000..7cf9ea1
--- /dev/null
+++ b/distro/pkg/deb-noxdp/watch
@@ -0,0 +1,4 @@
+version=4
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/distro/pkg/deb/changelog b/distro/pkg/deb/changelog
new file mode 100644
index 0000000..123f92b
--- /dev/null
+++ b/distro/pkg/deb/changelog
@@ -0,0 +1,6 @@
+knot ({{ version }}-cznic.{{ release }}) unstable; urgency=medium
+
+ * upstream package
+ * see https://www.knot-dns.cz
+
+ -- Knot DNS <knot-dns@labs.nic.cz> {{ now }}
diff --git a/distro/pkg/deb/clean b/distro/pkg/deb/clean
new file mode 100644
index 0000000..b2a9f3f
--- /dev/null
+++ b/distro/pkg/deb/clean
@@ -0,0 +1,2 @@
+doc/modules
+.pybuild/
diff --git a/distro/pkg/deb/compat b/distro/pkg/deb/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/distro/pkg/deb/compat
@@ -0,0 +1 @@
+11
diff --git a/distro/pkg/deb/control b/distro/pkg/deb/control
new file mode 100644
index 0000000..2fb547a
--- /dev/null
+++ b/distro/pkg/deb/control
@@ -0,0 +1,284 @@
+Source: knot
+Section: net
+Priority: optional
+Maintainer: Knot DNS <knot-dns@labs.nic.cz>
+Uploaders:
+ Jakub Ružička <jakub.ruzicka@nic.cz>,
+ Daniel Salzman <daniel.salzman@nic.cz>,
+Build-Depends-Indep:
+ python3-setuptools,
+ python3-sphinx,
+ python3-sphinx-panels,
+Build-Depends:
+ autoconf,
+ automake,
+ debhelper (>= 11),
+ dh-python,
+ libbpf-dev,
+ libcap-ng-dev,
+ libedit-dev,
+ libfstrm-dev,
+ libgnutls28-dev,
+ libidn2-dev,
+ liblmdb-dev,
+ libmaxminddb-dev,
+ libmnl-dev,
+ libnghttp2-dev,
+ libprotobuf-c-dev,
+ libsofthsm2 <!nocheck>,
+ libsystemd-dev [linux-any] | libsystemd-daemon-dev [linux-any],
+ libsystemd-dev [linux-any] | libsystemd-journal-dev [linux-any],
+ libtool,
+ liburcu-dev,
+ libxdp-dev,
+ pkg-config,
+ protobuf-c-compiler,
+ python3-all,
+Standards-Version: 4.5.0
+Homepage: https://www.knot-dns.cz/
+Vcs-Browser: https://gitlab.nic.cz/knot/knot-dns
+Vcs-Git: https://gitlab.nic.cz/knot/knot-dns.git
+Rules-Requires-Root: no
+
+Package: knot
+Architecture: any
+Depends:
+ adduser,
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Pre-Depends:
+ ${misc:Pre-Depends},
+Suggests:
+ systemd,
+Description: Authoritative domain name server
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+
+Package: libknot14
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a DNS shared library used by Knot DNS and
+ Knot Resolver.
+
+Package: libzscanner4
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNS zone-parsing shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides a fast zone parser shared library used by Knot
+ DNS and Knot Resolver.
+
+Package: libdnssec9
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Section: libs
+Description: DNSSEC shared library from Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides common DNSSEC shared library used by Knot DNS
+ and Knot Resolver.
+
+Package: libknot-dev
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libgnutls28-dev,
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+Section: libdevel
+Description: Knot DNS shared library development files
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides development files for shared libraries from Knot DNS.
+
+Package: knot-dnsutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNS clients provided with Knot DNS (kdig, knsupdate)
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNS client programs from Knot DNS.
+ .
+ - kdig - query a DNS server in various ways
+ - knsupdate - perform dynamic updates (See RFC2136)
+ - kxdpgun - send a DNS query stream over UDP to a DNS server
+ .
+ Those clients were designed to be almost 1:1 compatible with BIND dnsutils,
+ but they provide some enhancements, which are documented.
+ .
+ WARNING: knslookup is not provided as it is considered obsolete.
+
+Package: knot-dnssecutils
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: DNSSEC tools provided with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package delivers various DNSSEC tools from Knot DNS.
+ .
+ - kzonecheck
+ - kzonesign
+ - knsec3hash
+
+Package: knot-host
+Architecture: any
+Depends:
+ libdnssec9 (= ${binary:Version}),
+ libknot14 (= ${binary:Version}),
+ libzscanner4 (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Version of 'host' bundled with Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides the 'host' program from Knot DNS. This program is
+ designed to be almost 1:1 compatible with BIND 9.x 'host' program.
+
+Package: knot-module-dnstap
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: dnstap module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains dnstap module for logging DNS traffic.
+
+Package: knot-module-geoip
+Architecture: any
+Depends:
+ knot (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: geoip module for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package contains geoip module for geography-based responses.
+
+Package: knot-doc
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ libjs-jquery,
+ libjs-sphinxdoc,
+ libjs-underscore,
+ ${misc:Depends},
+Section: doc
+Description: Documentation for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides various documents that are useful for
+ maintaining a working Knot DNS installation.
+
+Package: knot-exporter
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Prometheus exporter for Knot DNS
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python Prometheus exporter for Knot DNS.
+
+Package: python3-libknot
+Architecture: all
+Depends:
+ ${misc:Depends},
+ ${python3:Depends},
+Section: python
+Description: Python bindings for libknot
+ Knot DNS is a fast, authoritative only, high performance, feature
+ full and open source name server.
+ .
+ Knot DNS is developed by CZ.NIC Labs, the R&D department of .CZ
+ registry and hence is well suited to run anything from the root
+ zone, the top-level domain, to many smaller standard domain names.
+ .
+ This package provides Python bindings for the libknot shared library.
diff --git a/distro/pkg/deb/copyright b/distro/pkg/deb/copyright
new file mode 100644
index 0000000..20c8b97
--- /dev/null
+++ b/distro/pkg/deb/copyright
@@ -0,0 +1,179 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Knot DNS
+Upstream-Contact: knot-dns@labs.nic.cz
+Source: https://secure.nic.cz/files/knot-dns/
+
+Files: *
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: m4/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1996-2001, 2003-2015 Free Software Foundation, Inc.
+License: GPL-3+
+
+Files: install-sh
+Copyright: 1994 X Consortium
+License: MIT
+
+Files: debian/* distro/pkg/deb/*
+Copyright: 2011-2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2011 Ondřej Surý <ondrej@debian.org>
+License: GPL-3+
+
+Files: tests/tap/*
+Copyright: 2000-2001, 2004, 2006-2012 Russ Allbery <rra@stanford.edu>
+ 2006, 2007, 2008, 2013 The Board of Trustees of the Leland Stanford Junior University
+License: MIT
+
+Files: tests/tap/files.*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/dnstap/*
+Copyright: 2014, Farsight Security, Inc. <software@farsightsecurity.com>
+ 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/libngtcp2/*
+Copyright: 2016-2023 ngtcp2 contributors
+ 2012-2017 nghttp2 contributors
+License: MIT
+
+Files: src/contrib/musl/*
+Copyright: 2005-2020 Rich Felker, et al.
+License: MIT
+
+Files: src/contrib/openbsd/siphash.*
+Copyright: 2013 Andre Oppermann <andre@FreeBSD.org>
+License: BSD-3-Clause
+
+Files: src/contrib/openbsd/strl*
+Copyright: 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+License: 0BSD
+
+Files: src/contrib/proxyv2/*
+Copyright: 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2021 Fastly, Inc.
+License: GPL-3+
+
+Files: src/contrib/qp-trie/*
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2018 Tony Finch <dot@dotat.at>
+License: GPL-3+
+
+Files: src/contrib/ucw/*
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 1997-2017 Martin Mares <mj@ucw.cz>
+ 2007 Pavel Charvat <pchar@ucw.cz>
+ 2012 Ondrej Filip <feela@network.cz>
+License: LGPL-2.0
+
+Files: src/contrib/ucw/heap.h
+Copyright: 2011-2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+License: GPL-3+
+
+Files: src/contrib/url-parser/*
+Copyright: 2020 Igor Sysoev
+ 2020 Nginx, Inc.
+ 2020 Joyent, Inc.
+License: MIT
+
+Files: src/contrib/vpool/*
+Copyright: 2006, 2008 Alexey Vatchenko <av@bsdua.org>
+License: 0BSD
+
+Files: tests-fuzz/main.c
+Copyright: 2011-2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+ 2017 Tim Ruehsen
+License: MIT
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public License
+ version 3 can be found in the file `/usr/share/common-licenses/GPL-3'.
+
+License: LGPL-2.0
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+ .
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+ .
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+
+License: 0BSD
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+License: BSD-3-Clause
+ Redistribution and use in source and binary forms, with or without modification,
+ are permitted provided that the following conditions are met:
+ 1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+ .
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.
diff --git a/distro/pkg/deb/cz.nic.knotd.conf b/distro/pkg/deb/cz.nic.knotd.conf
new file mode 100644
index 0000000..50af87a
--- /dev/null
+++ b/distro/pkg/deb/cz.nic.knotd.conf
@@ -0,0 +1,9 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="knot">
+ <allow own="cz.nic.knotd" />
+ </policy>
+ <policy context="default">
+ <allow receive_sender="cz.nic.knotd" />
+ </policy>
+</busconfig>
diff --git a/distro/pkg/deb/docs b/distro/pkg/deb/docs
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/distro/pkg/deb/docs
@@ -0,0 +1 @@
+README.md
diff --git a/distro/pkg/deb/knot-dnssecutils.install b/distro/pkg/deb/knot-dnssecutils.install
new file mode 100644
index 0000000..20009e8
--- /dev/null
+++ b/distro/pkg/deb/knot-dnssecutils.install
@@ -0,0 +1,3 @@
+usr/bin/knsec3hash
+usr/bin/kzonecheck
+usr/bin/kzonesign
diff --git a/distro/pkg/deb/knot-dnssecutils.manpages b/distro/pkg/deb/knot-dnssecutils.manpages
new file mode 100644
index 0000000..913c4cb
--- /dev/null
+++ b/distro/pkg/deb/knot-dnssecutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/knsec3hash.1
+usr/share/man/man1/kzonecheck.1
+usr/share/man/man1/kzonesign.1
diff --git a/distro/pkg/deb/knot-dnsutils.install b/distro/pkg/deb/knot-dnsutils.install
new file mode 100644
index 0000000..e2f2a8a
--- /dev/null
+++ b/distro/pkg/deb/knot-dnsutils.install
@@ -0,0 +1,3 @@
+usr/bin/kdig
+usr/bin/knsupdate
+usr/sbin/kxdpgun
diff --git a/distro/pkg/deb/knot-dnsutils.manpages b/distro/pkg/deb/knot-dnsutils.manpages
new file mode 100644
index 0000000..67254d9
--- /dev/null
+++ b/distro/pkg/deb/knot-dnsutils.manpages
@@ -0,0 +1,3 @@
+usr/share/man/man1/kdig.1
+usr/share/man/man1/knsupdate.1
+usr/share/man/man8/kxdpgun.8
diff --git a/distro/pkg/deb/knot-doc.install b/distro/pkg/deb/knot-doc.install
new file mode 100644
index 0000000..c2a345d
--- /dev/null
+++ b/distro/pkg/deb/knot-doc.install
@@ -0,0 +1 @@
+usr/share/doc/knot/* /usr/share/doc/knot-doc/
diff --git a/distro/pkg/deb/knot-doc.links b/distro/pkg/deb/knot-doc.links
new file mode 100644
index 0000000..1376b3a
--- /dev/null
+++ b/distro/pkg/deb/knot-doc.links
@@ -0,0 +1,5 @@
+usr/share/javascript/jquery/jquery.min.js usr/share/doc/knot-doc/_static/jquery.js
+usr/share/javascript/sphinxdoc/1.0/doctools.js usr/share/doc/knot-doc/_static/doctools.js
+usr/share/javascript/sphinxdoc/1.0/language_data.js usr/share/doc/knot-doc/_static/language_data.js
+usr/share/javascript/sphinxdoc/1.0/searchtools.js usr/share/doc/knot-doc/_static/searchtools.js
+usr/share/javascript/underscore/underscore.min.js usr/share/doc/knot-doc/_static/underscore.js
diff --git a/distro/pkg/deb/knot-exporter.install b/distro/pkg/deb/knot-exporter.install
new file mode 100644
index 0000000..4c2d5ed
--- /dev/null
+++ b/distro/pkg/deb/knot-exporter.install
@@ -0,0 +1,3 @@
+usr/lib/python3*/dist-packages/knot_exporter-*.egg-info
+usr/lib/python3*/dist-packages/knot_exporter/*.py
+usr/bin/knot-exporter /usr/sbin/knot-exporter
diff --git a/distro/pkg/deb/knot-host.install b/distro/pkg/deb/knot-host.install
new file mode 100644
index 0000000..51bacf0
--- /dev/null
+++ b/distro/pkg/deb/knot-host.install
@@ -0,0 +1 @@
+usr/bin/khost
diff --git a/distro/pkg/deb/knot-host.manpages b/distro/pkg/deb/knot-host.manpages
new file mode 100644
index 0000000..4891e2c
--- /dev/null
+++ b/distro/pkg/deb/knot-host.manpages
@@ -0,0 +1 @@
+usr/share/man/man1/khost.1
diff --git a/distro/pkg/deb/knot-module-dnstap.install b/distro/pkg/deb/knot-module-dnstap.install
new file mode 100644
index 0000000..983455e
--- /dev/null
+++ b/distro/pkg/deb/knot-module-dnstap.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/dnstap.so
diff --git a/distro/pkg/deb/knot-module-geoip.install b/distro/pkg/deb/knot-module-geoip.install
new file mode 100644
index 0000000..16d87c3
--- /dev/null
+++ b/distro/pkg/deb/knot-module-geoip.install
@@ -0,0 +1 @@
+usr/lib/*/knot/modules-*/geoip.so
diff --git a/distro/pkg/deb/knot.dirs b/distro/pkg/deb/knot.dirs
new file mode 100644
index 0000000..6e937aa
--- /dev/null
+++ b/distro/pkg/deb/knot.dirs
@@ -0,0 +1 @@
+var/lib/knot
diff --git a/distro/pkg/deb/knot.init b/distro/pkg/deb/knot.init
new file mode 100644
index 0000000..3f8fcae
--- /dev/null
+++ b/distro/pkg/deb/knot.init
@@ -0,0 +1,149 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: knot
+# Required-Start: $network $local_fs $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authoritative domain name server
+# Description: Knot DNS is a authoritative-only domain name server
+### END INIT INFO
+
+# Author: Ondřej Surý <ondrej@debian.org>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Knot DNS server" # Introduce a short description here
+NAME=knotd # Introduce the short server's name here
+DAEMON=/usr/sbin/$NAME # Introduce the server's location here
+PIDFILE=/run/knot/knot.pid
+SCRIPTNAME=/etc/init.d/knot
+KNOTC=/usr/sbin/knotc
+RUNDIR=/run/knot
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+KNOTD_ARGS=""
+
+# Read configuration variable file if it is present
+[ -r /etc/default/knot ] && . /etc/default/knot
+
+DAEMON_ARGS="-d $KNOTD_ARGS"
+
+# Define LSB log_* functions.
+# Depend on sysvinit-utils (>= 2.96) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ && return 1
+
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ $KNOTC status >/dev/null 2>/dev/null \
+ || return 1
+
+ $KNOTC stop >/dev/null
+ RETVAL="$?"
+ [ $? = 1 ] && return 2
+
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return 0
+}
+
+do_reload() {
+ $KNOTC reload >/dev/null
+ return $?
+}
+
+do_mkrundir() {
+ mkdir -p $RUNDIR
+ chmod 0755 $RUNDIR
+ chown knot:knot $RUNDIR
+}
+
+case "$1" in
+ start)
+ do_mkrundir
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ STATUS=$($KNOTC status 2>&1 >/dev/null)
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ log_success_msg "$NAME is running"
+ else
+ log_failure_msg "$NAME is not running ($STATUS)"
+ fi
+ exit $RETVAL
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/distro/pkg/deb/knot.install b/distro/pkg/deb/knot.install
new file mode 100644
index 0000000..5c716fc
--- /dev/null
+++ b/distro/pkg/deb/knot.install
@@ -0,0 +1,8 @@
+debian/cz.nic.knotd.conf usr/share/dbus-1/system.d/
+debian/ufw/knot etc/ufw/applications.d/
+etc/knot/knot.conf
+usr/sbin/kcatalogprint
+usr/sbin/keymgr
+usr/sbin/kjournalprint
+usr/sbin/knotc
+usr/sbin/knotd
diff --git a/distro/pkg/deb/knot.manpages b/distro/pkg/deb/knot.manpages
new file mode 100644
index 0000000..5d23e9f
--- /dev/null
+++ b/distro/pkg/deb/knot.manpages
@@ -0,0 +1,6 @@
+usr/share/man/man5/knot.conf.5
+usr/share/man/man8/kcatalogprint.8
+usr/share/man/man8/keymgr.8
+usr/share/man/man8/kjournalprint.8
+usr/share/man/man8/knotc.8
+usr/share/man/man8/knotd.8
diff --git a/distro/pkg/deb/knot.postinst b/distro/pkg/deb/knot.postinst
new file mode 100644
index 0000000..da747c8
--- /dev/null
+++ b/distro/pkg/deb/knot.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd knot > /dev/null; then
+ adduser --quiet --system --group --no-create-home --home /var/lib/knot knot
+ fi
+
+ dpkg-statoverride --list /var/lib/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0770 /var/lib/knot
+ dpkg-statoverride --list /etc/knot/knot.conf >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0640 /etc/knot/knot.conf
+ dpkg-statoverride --list /etc/knot >/dev/null 2>&1 || dpkg-statoverride --update --add root knot 0750 /etc/knot
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb/knot.postrm b/distro/pkg/deb/knot.postrm
new file mode 100644
index 0000000..14b3d69
--- /dev/null
+++ b/distro/pkg/deb/knot.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+if test "$1" = "purge"; then
+ state_dir=/var/lib/knot
+ for db_name in "catalog" "confdb" "journal" "keys" "timers"; do
+ rm -rf $state_dir/$db_name >/dev/null 2>&1 || true
+ done
+ rmdir $state_dir >/dev/null 2>&1 || true
+ [ -e $state_dir/* ] && echo "Notice: there are still data in ${state_dir}, please check."
+
+ dpkg-statoverride --remove /var/lib/knot >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot/knot.conf >/dev/null 2>&1 || true
+ dpkg-statoverride --remove /etc/knot >/dev/null 2>&1 || true
+
+ deluser --quiet knot >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/distro/pkg/deb/knot.service b/distro/pkg/deb/knot.service
new file mode 100644
index 0000000..e6c13ed
--- /dev/null
+++ b/distro/pkg/deb/knot.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+# Expected systemd >= v239
+RuntimeDirectory=knot
+StateDirectory=knot
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/deb/libdnssec9.install b/distro/pkg/deb/libdnssec9.install
new file mode 100644
index 0000000..17a9fe6
--- /dev/null
+++ b/distro/pkg/deb/libdnssec9.install
@@ -0,0 +1 @@
+usr/lib/*/libdnssec.so.*
diff --git a/distro/pkg/deb/libdnssec9.symbols b/distro/pkg/deb/libdnssec9.symbols
new file mode 100644
index 0000000..c3ab2ed
--- /dev/null
+++ b/distro/pkg/deb/libdnssec9.symbols
@@ -0,0 +1,96 @@
+libdnssec.so.9 libdnssec9 #MINVER#
+* Build-Depends-Package: libknot-dev
+ dnssec_algorithm_digest_support@Base 3.2.0
+ dnssec_algorithm_key_size_check@Base 3.2.0
+ dnssec_algorithm_key_size_default@Base 3.2.0
+ dnssec_algorithm_key_size_range@Base 3.2.0
+ dnssec_algorithm_key_support@Base 3.2.0
+ dnssec_algorithm_reproducible@Base 3.2.0
+ dnssec_binary_alloc@Base 3.2.0
+ dnssec_binary_cmp@Base 3.2.0
+ dnssec_binary_dup@Base 3.2.0
+ dnssec_binary_free@Base 3.2.0
+ dnssec_binary_from_base64@Base 3.2.0
+ dnssec_binary_resize@Base 3.2.0
+ dnssec_binary_to_base64@Base 3.2.0
+ dnssec_crypto_cleanup@Base 3.2.0
+ dnssec_crypto_init@Base 3.2.0
+ dnssec_crypto_reinit@Base 3.2.0
+ dnssec_digest@Base 3.2.0
+ dnssec_digest_finish@Base 3.2.0
+ dnssec_digest_init@Base 3.2.0
+ dnssec_key_can_sign@Base 3.2.0
+ dnssec_key_can_verify@Base 3.2.0
+ dnssec_key_clear@Base 3.2.0
+ dnssec_key_create_ds@Base 3.2.0
+ dnssec_key_dup@Base 3.2.0
+ dnssec_key_free@Base 3.2.0
+ dnssec_key_get_algorithm@Base 3.2.0
+ dnssec_key_get_dname@Base 3.2.0
+ dnssec_key_get_flags@Base 3.2.0
+ dnssec_key_get_keyid@Base 3.2.0
+ dnssec_key_get_keytag@Base 3.2.0
+ dnssec_key_get_protocol@Base 3.2.0
+ dnssec_key_get_pubkey@Base 3.2.0
+ dnssec_key_get_rdata@Base 3.2.0
+ dnssec_key_get_size@Base 3.2.0
+ dnssec_key_load_pkcs8@Base 3.2.0
+ dnssec_key_new@Base 3.2.0
+ dnssec_key_set_algorithm@Base 3.2.0
+ dnssec_key_set_dname@Base 3.2.0
+ dnssec_key_set_flags@Base 3.2.0
+ dnssec_key_set_protocol@Base 3.2.0
+ dnssec_key_set_pubkey@Base 3.2.0
+ dnssec_key_set_rdata@Base 3.2.0
+ dnssec_keyid_copy@Base 3.2.0
+ dnssec_keyid_equal@Base 3.2.0
+ dnssec_keyid_is_valid@Base 3.2.0
+ dnssec_keyid_normalize@Base 3.2.0
+ dnssec_keystore_close@Base 3.2.0
+ dnssec_keystore_deinit@Base 3.2.0
+ dnssec_keystore_generate@Base 3.2.0
+ dnssec_keystore_get_private@Base 3.2.0
+ dnssec_keystore_import@Base 3.2.0
+ dnssec_keystore_init@Base 3.2.0
+ dnssec_keystore_init_pkcs11@Base 3.2.0
+ dnssec_keystore_init_pkcs8@Base 3.2.0
+ dnssec_keystore_open@Base 3.2.0
+ dnssec_keystore_remove@Base 3.2.0
+ dnssec_keystore_set_private@Base 3.2.0
+ dnssec_keytag@Base 3.2.0
+ dnssec_nsec3_hash@Base 3.2.0
+ dnssec_nsec3_hash_length@Base 3.2.0
+ dnssec_nsec3_params_free@Base 3.2.0
+ dnssec_nsec3_params_from_rdata@Base 3.2.0
+ dnssec_nsec3_params_match@Base 3.2.0
+ dnssec_nsec_bitmap_add@Base 3.2.0
+ dnssec_nsec_bitmap_clear@Base 3.2.0
+ dnssec_nsec_bitmap_contains@Base 3.2.0
+ dnssec_nsec_bitmap_free@Base 3.2.0
+ dnssec_nsec_bitmap_new@Base 3.2.0
+ dnssec_nsec_bitmap_size@Base 3.2.0
+ dnssec_nsec_bitmap_write@Base 3.2.0
+ dnssec_pem_from_privkey@Base 3.2.0
+ dnssec_pem_from_x509@Base 3.2.0
+ dnssec_pem_to_privkey@Base 3.2.0
+ dnssec_pem_to_x509@Base 3.2.0
+ dnssec_random_binary@Base 3.2.0
+ dnssec_random_buffer@Base 3.2.0
+ dnssec_sign_add@Base 3.2.0
+ dnssec_sign_free@Base 3.2.0
+ dnssec_sign_init@Base 3.2.0
+ dnssec_sign_new@Base 3.2.0
+ dnssec_sign_verify@Base 3.2.0
+ dnssec_sign_write@Base 3.2.0
+ dnssec_strerror@Base 3.2.0
+ dnssec_tsig_add@Base 3.2.0
+ dnssec_tsig_algorithm_from_dname@Base 3.2.0
+ dnssec_tsig_algorithm_from_name@Base 3.2.0
+ dnssec_tsig_algorithm_size@Base 3.2.0
+ dnssec_tsig_algorithm_to_dname@Base 3.2.0
+ dnssec_tsig_algorithm_to_name@Base 3.2.0
+ dnssec_tsig_free@Base 3.2.0
+ dnssec_tsig_new@Base 3.2.0
+ dnssec_tsig_optimal_key_size@Base 3.2.0
+ dnssec_tsig_size@Base 3.2.0
+ dnssec_tsig_write@Base 3.2.0
diff --git a/distro/pkg/deb/libknot-dev.install b/distro/pkg/deb/libknot-dev.install
new file mode 100644
index 0000000..cb60d88
--- /dev/null
+++ b/distro/pkg/deb/libknot-dev.install
@@ -0,0 +1,3 @@
+usr/include/
+usr/lib/*/*.so
+usr/lib/*/pkgconfig/*
diff --git a/distro/pkg/deb/libknot14.install b/distro/pkg/deb/libknot14.install
new file mode 100644
index 0000000..f9b9f93
--- /dev/null
+++ b/distro/pkg/deb/libknot14.install
@@ -0,0 +1 @@
+usr/lib/*/libknot.so.*
diff --git a/distro/pkg/deb/libknot14.symbols b/distro/pkg/deb/libknot14.symbols
new file mode 100644
index 0000000..b6e7caf
--- /dev/null
+++ b/distro/pkg/deb/libknot14.symbols
@@ -0,0 +1,276 @@
+libknot.so.14 libknot14 #MINVER#
+* Build-Depends-Package: libknot-dev
+ KNOT_DB_LMDB_DUPSORT@Base 3.3.0
+ KNOT_DB_LMDB_INTEGERKEY@Base 3.3.0
+ KNOT_DB_LMDB_MAPASYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOSYNC@Base 3.3.0
+ KNOT_DB_LMDB_NOTLS@Base 3.3.0
+ KNOT_DB_LMDB_RDONLY@Base 3.3.0
+ KNOT_DB_LMDB_WRITEMAP@Base 3.3.0
+ KNOT_DUMP_STYLE_DEFAULT@Base 3.3.0
+ knot_ctl_accept@Base 3.3.0
+ knot_ctl_alloc@Base 3.3.0
+ knot_ctl_bind@Base 3.3.0
+ knot_ctl_close@Base 3.3.0
+ knot_ctl_connect@Base 3.3.0
+ knot_ctl_free@Base 3.3.0
+ knot_ctl_receive@Base 3.3.0
+ knot_ctl_send@Base 3.3.0
+ knot_ctl_set_timeout@Base 3.3.0
+ knot_ctl_unbind@Base 3.3.0
+ knot_db_lmdb_api@Base 3.3.0
+ knot_db_lmdb_del_exact@Base 3.3.0
+ knot_db_lmdb_get_mapsize@Base 3.3.0
+ knot_db_lmdb_get_path@Base 3.3.0
+ knot_db_lmdb_get_usage@Base 3.3.0
+ knot_db_lmdb_iter_del@Base 3.3.0
+ knot_db_lmdb_txn_begin@Base 3.3.0
+ knot_db_trie_api@Base 3.3.0
+ knot_dname_cmp@Base 3.3.0
+ knot_dname_copy@Base 3.3.0
+ knot_dname_copy_lower@Base 3.3.0
+ knot_dname_free@Base 3.3.0
+ knot_dname_from_str@Base 3.3.0
+ knot_dname_in_bailiwick@Base 3.3.0
+ knot_dname_is_case_equal@Base 3.3.0
+ knot_dname_is_equal@Base 3.3.0
+ knot_dname_labels@Base 3.3.0
+ knot_dname_lf@Base 3.3.0
+ knot_dname_matched_labels@Base 3.3.0
+ knot_dname_prefixlen@Base 3.3.0
+ knot_dname_realsize@Base 3.3.0
+ knot_dname_replace_suffix@Base 3.3.0
+ knot_dname_size@Base 3.3.0
+ knot_dname_store@Base 3.3.0
+ knot_dname_to_lower@Base 3.3.0
+ knot_dname_to_str@Base 3.3.0
+ knot_dname_to_wire@Base 3.3.0
+ knot_dname_unpack@Base 3.3.0
+ knot_dname_wire_check@Base 3.3.0
+ knot_dnssec_alg_names@Base 3.3.0
+ knot_edns_add_option@Base 3.3.0
+ knot_edns_alignment_size@Base 3.3.0
+ knot_edns_chain_parse@Base 3.3.0
+ knot_edns_chain_size@Base 3.3.0
+ knot_edns_chain_write@Base 3.3.0
+ knot_edns_client_subnet_get_addr@Base 3.3.0
+ knot_edns_client_subnet_parse@Base 3.3.0
+ knot_edns_client_subnet_set_addr@Base 3.3.0
+ knot_edns_client_subnet_size@Base 3.3.0
+ knot_edns_client_subnet_write@Base 3.3.0
+ knot_edns_cookie_client_check@Base 3.3.0
+ knot_edns_cookie_client_generate@Base 3.3.0
+ knot_edns_cookie_parse@Base 3.3.0
+ knot_edns_cookie_server_check@Base 3.3.0
+ knot_edns_cookie_server_generate@Base 3.3.0
+ knot_edns_cookie_size@Base 3.3.0
+ knot_edns_cookie_write@Base 3.3.0
+ knot_edns_ede_names@Base 3.3.0
+ knot_edns_get_ext_rcode@Base 3.3.0
+ knot_edns_get_option@Base 3.3.0
+ knot_edns_get_options@Base 3.3.0
+ knot_edns_get_version@Base 3.3.0
+ knot_edns_init@Base 3.3.0
+ knot_edns_keepalive_parse@Base 3.3.0
+ knot_edns_keepalive_size@Base 3.3.0
+ knot_edns_keepalive_write@Base 3.3.0
+ knot_edns_opt_names@Base 3.3.0
+ knot_edns_reserve_option@Base 3.3.0
+ knot_edns_set_ext_rcode@Base 3.3.0
+ knot_edns_set_version@Base 3.3.0
+ knot_error_from_libdnssec@Base 3.3.0
+ knot_eth_mtu@Base 3.3.0
+ knot_eth_name_from_addr@Base 3.3.0
+ knot_eth_queues@Base 3.3.0
+ knot_eth_rss@Base 3.3.0
+ knot_eth_vlans@Base 3.3.0
+ knot_eth_xdp_mode@Base 3.3.0
+ knot_get_obsolete_rdata_descriptor@Base 3.3.0
+ knot_get_rdata_descriptor@Base 3.3.0
+ knot_naptr_header_size@Base 3.3.0
+ knot_opcode_names@Base 3.3.0
+ knot_opt_code_to_string@Base 3.3.0
+ knot_pkt_begin@Base 3.3.0
+ knot_pkt_clear@Base 3.3.0
+ knot_pkt_copy@Base 3.3.0
+ knot_pkt_ext_rcode@Base 3.3.0
+ knot_pkt_ext_rcode_name@Base 3.3.0
+ knot_pkt_free@Base 3.3.0
+ knot_pkt_init_response@Base 3.3.0
+ knot_pkt_new@Base 3.3.0
+ knot_pkt_parse@Base 3.3.0
+ knot_pkt_parse_question@Base 3.3.0
+ knot_pkt_put_question@Base 3.3.0
+ knot_pkt_put_rotate@Base 3.3.0
+ knot_pkt_reclaim@Base 3.3.0
+ knot_pkt_reserve@Base 3.3.0
+ knot_probe_alloc@Base 3.3.0
+ knot_probe_consume@Base 3.3.0
+ knot_probe_data_set@Base 3.3.0
+ knot_probe_fd@Base 3.3.0
+ knot_probe_free@Base 3.3.0
+ knot_probe_produce@Base 3.3.0
+ knot_probe_set_consumer@Base 3.3.0
+ knot_probe_set_producer@Base 3.3.0
+ knot_probe_tcp_rtt@Base 3.3.0
+ knot_quic_cleanup@Base 3.3.0
+ knot_quic_client@Base 3.3.0
+ knot_quic_conn_get_stream@Base 3.3.0
+ knot_quic_conn_local_port@Base 3.3.0
+ knot_quic_conn_new_stream@Base 3.3.0
+ knot_quic_conn_next_timeout@Base 3.3.3
+ knot_quic_conn_pin@Base 3.3.0
+ knot_quic_conn_rtt@Base 3.3.0
+ knot_quic_conn_stream_free@Base 3.3.0
+ knot_quic_creds_cert@Base 3.3.0
+ knot_quic_free_creds@Base 3.3.0
+ knot_quic_handle@Base 3.3.0
+ knot_quic_hanle_expiry@Base 3.3.3
+ knot_quic_init_creds@Base 3.3.0
+ knot_quic_init_creds_peer@Base 3.3.0
+ knot_quic_send@Base 3.3.0
+ knot_quic_session_available@Base 3.3.0
+ knot_quic_session_load@Base 3.3.0
+ knot_quic_session_save@Base 3.3.0
+ knot_quic_stream_add_data@Base 3.3.0
+ knot_quic_stream_get_process@Base 3.3.0
+ knot_quic_table_free@Base 3.3.0
+ knot_quic_table_new@Base 3.3.0
+ knot_quic_table_rem@Base 3.3.0
+ knot_quic_table_sweep@Base 3.3.0
+ knot_rcode_names@Base 3.3.0
+ knot_rdataset_add@Base 3.3.0
+ knot_rdataset_at@Base 3.3.0
+ knot_rdataset_clear@Base 3.3.0
+ knot_rdataset_copy@Base 3.3.0
+ knot_rdataset_eq@Base 3.3.0
+ knot_rdataset_intersect@Base 3.3.0
+ knot_rdataset_intersect2@Base 3.3.0
+ knot_rdataset_member@Base 3.3.0
+ knot_rdataset_merge@Base 3.3.0
+ knot_rdataset_subset@Base 3.3.0
+ knot_rdataset_subtract@Base 3.3.0
+ knot_rrclass_from_string@Base 3.3.0
+ knot_rrclass_to_string@Base 3.3.0
+ knot_rrset_add_rdata@Base 3.3.0
+ knot_rrset_clear@Base 3.3.0
+ knot_rrset_copy@Base 3.3.0
+ knot_rrset_equal@Base 3.3.0
+ knot_rrset_free@Base 3.3.0
+ knot_rrset_is_nsec3rel@Base 3.3.0
+ knot_rrset_new@Base 3.3.0
+ knot_rrset_rr_from_wire@Base 3.3.0
+ knot_rrset_rr_to_canonical@Base 3.3.0
+ knot_rrset_size@Base 3.3.0
+ knot_rrset_to_wire_extra@Base 3.3.0
+ knot_rrset_txt_dump@Base 3.3.0
+ knot_rrset_txt_dump_data@Base 3.3.0
+ knot_rrset_txt_dump_edns@Base 3.3.0
+ knot_rrset_txt_dump_header@Base 3.3.0
+ knot_rrtype_additional_needed@Base 3.3.0
+ knot_rrtype_from_string@Base 3.3.0
+ knot_rrtype_is_dnssec@Base 3.3.0
+ knot_rrtype_is_metatype@Base 3.3.0
+ knot_rrtype_should_be_lowercased@Base 3.3.0
+ knot_rrtype_to_string@Base 3.3.0
+ knot_strerror@Base 3.3.0
+ knot_svcb_param_names@Base 3.3.0
+ knot_tcp_cleanup@Base 3.3.0
+ knot_tcp_inbufs_upd@Base 3.3.0
+ knot_tcp_outbufs_ack@Base 3.3.0
+ knot_tcp_outbufs_add@Base 3.3.0
+ knot_tcp_outbufs_can_send@Base 3.3.0
+ knot_tcp_outbufs_usage@Base 3.3.0
+ knot_tcp_recv@Base 3.3.0
+ knot_tcp_reply_data@Base 3.3.0
+ knot_tcp_send@Base 3.3.0
+ knot_tcp_sweep@Base 3.3.0
+ knot_tcp_table_free@Base 3.3.0
+ knot_tcp_table_new@Base 3.3.0
+ knot_tsig_add@Base 3.3.0
+ knot_tsig_append@Base 3.3.0
+ knot_tsig_client_check@Base 3.3.0
+ knot_tsig_client_check_next@Base 3.3.0
+ knot_tsig_create_rdata@Base 3.3.0
+ knot_tsig_key_copy@Base 3.3.0
+ knot_tsig_key_deinit@Base 3.3.0
+ knot_tsig_key_init@Base 3.3.0
+ knot_tsig_key_init_file@Base 3.3.0
+ knot_tsig_key_init_str@Base 3.3.0
+ knot_tsig_rcode_names@Base 3.3.0
+ knot_tsig_rdata_alg@Base 3.3.0
+ knot_tsig_rdata_alg_name@Base 3.3.0
+ knot_tsig_rdata_error@Base 3.3.0
+ knot_tsig_rdata_fudge@Base 3.3.0
+ knot_tsig_rdata_is_ok@Base 3.3.0
+ knot_tsig_rdata_mac@Base 3.3.0
+ knot_tsig_rdata_mac_length@Base 3.3.0
+ knot_tsig_rdata_orig_id@Base 3.3.0
+ knot_tsig_rdata_other_data@Base 3.3.0
+ knot_tsig_rdata_other_data_length@Base 3.3.0
+ knot_tsig_rdata_set_fudge@Base 3.3.0
+ knot_tsig_rdata_set_mac@Base 3.3.0
+ knot_tsig_rdata_set_orig_id@Base 3.3.0
+ knot_tsig_rdata_set_other_data@Base 3.3.0
+ knot_tsig_rdata_set_time_signed@Base 3.3.0
+ knot_tsig_rdata_time_signed@Base 3.3.0
+ knot_tsig_rdata_tsig_timers_length@Base 3.3.0
+ knot_tsig_rdata_tsig_variables_length@Base 3.3.0
+ knot_tsig_server_check@Base 3.3.0
+ knot_tsig_sign@Base 3.3.0
+ knot_tsig_sign_next@Base 3.3.0
+ knot_tsig_wire_maxsize@Base 3.3.0
+ knot_tsig_wire_size@Base 3.3.0
+ knot_xdp_deinit@Base 3.3.0
+ knot_xdp_init@Base 3.3.0
+ knot_xdp_recv@Base 3.3.0
+ knot_xdp_recv_finish@Base 3.3.0
+ knot_xdp_reply_alloc@Base 3.3.0
+ knot_xdp_send@Base 3.3.0
+ knot_xdp_send_alloc@Base 3.3.0
+ knot_xdp_send_finish@Base 3.3.0
+ knot_xdp_send_free@Base 3.3.0
+ knot_xdp_send_prepare@Base 3.3.0
+ knot_xdp_socket_info@Base 3.3.0
+ knot_xdp_socket_fd@Base 3.3.0
+ yp_addr@Base 3.3.0
+ yp_addr_noport@Base 3.3.0
+ yp_addr_noport_to_bin@Base 3.3.0
+ yp_addr_noport_to_txt@Base 3.3.0
+ yp_addr_range_to_bin@Base 3.3.0
+ yp_addr_range_to_txt@Base 3.3.0
+ yp_addr_to_bin@Base 3.3.0
+ yp_addr_to_txt@Base 3.3.0
+ yp_base64_to_bin@Base 3.3.0
+ yp_base64_to_txt@Base 3.3.0
+ yp_bool_to_bin@Base 3.3.0
+ yp_bool_to_txt@Base 3.3.0
+ yp_deinit@Base 3.3.0
+ yp_dname_to_bin@Base 3.3.0
+ yp_dname_to_txt@Base 3.3.0
+ yp_format_id@Base 3.3.0
+ yp_format_key0@Base 3.3.0
+ yp_format_key1@Base 3.3.0
+ yp_hex_to_bin@Base 3.3.0
+ yp_hex_to_txt@Base 3.3.0
+ yp_init@Base 3.3.0
+ yp_int_to_bin@Base 3.3.0
+ yp_int_to_txt@Base 3.3.0
+ yp_item_to_bin@Base 3.3.0
+ yp_item_to_txt@Base 3.3.0
+ yp_option_to_bin@Base 3.3.0
+ yp_option_to_txt@Base 3.3.0
+ yp_parse@Base 3.3.0
+ yp_schema_check_deinit@Base 3.3.0
+ yp_schema_check_init@Base 3.3.0
+ yp_schema_check_parser@Base 3.3.0
+ yp_schema_check_str@Base 3.3.0
+ yp_schema_copy@Base 3.3.0
+ yp_schema_find@Base 3.3.0
+ yp_schema_free@Base 3.3.0
+ yp_schema_merge@Base 3.3.0
+ yp_schema_purge_dynamic@Base 3.3.0
+ yp_set_input_file@Base 3.3.0
+ yp_set_input_string@Base 3.3.0
+ yp_str_to_bin@Base 3.3.0
+ yp_str_to_txt@Base 3.3.0
diff --git a/distro/pkg/deb/libzscanner4.install b/distro/pkg/deb/libzscanner4.install
new file mode 100644
index 0000000..a8dc226
--- /dev/null
+++ b/distro/pkg/deb/libzscanner4.install
@@ -0,0 +1 @@
+usr/lib/*/libzscanner.so.*
diff --git a/distro/pkg/deb/libzscanner4.symbols b/distro/pkg/deb/libzscanner4.symbols
new file mode 100644
index 0000000..99ac3b7
--- /dev/null
+++ b/distro/pkg/deb/libzscanner4.symbols
@@ -0,0 +1,12 @@
+libzscanner.so.4 libzscanner4 #MINVER#
+* Build-Depends-Package: libknot-dev
+ zs_deinit@Base 3.1.0
+ zs_errorname@Base 3.1.0
+ zs_init@Base 3.1.0
+ zs_parse_all@Base 3.1.0
+ zs_parse_record@Base 3.1.0
+ zs_set_input_file@Base 3.1.0
+ zs_set_input_string@Base 3.1.0
+ zs_set_processing@Base 3.1.0
+ zs_set_processing_comment@Base 3.1.0
+ zs_strerror@Base 3.1.0
diff --git a/distro/pkg/deb/not-installed b/distro/pkg/deb/not-installed
new file mode 100644
index 0000000..c928be1
--- /dev/null
+++ b/distro/pkg/deb/not-installed
@@ -0,0 +1 @@
+etc/knot/example.com.zone
diff --git a/distro/pkg/deb/prepare-environment b/distro/pkg/deb/prepare-environment
new file mode 100755
index 0000000..7176f5e
--- /dev/null
+++ b/distro/pkg/deb/prepare-environment
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eu
+
+CONFFILE=${1:-/etc/knot/knot.conf}
+
+if [ ! -r $CONFFILE ]; then
+ echo "$CONFFILE doesn't exist or has wrong permissions."
+ exit 1;
+fi
+
+KNOT_RUNDIR=$(sed -ne "s/#.*$//;s/.*rundir: \"*\([^\";]*\\).*/\\1/p;" $CONFFILE)
+[ -z "$KNOT_RUNDIR" ] && KNOT_RUNDIR=/run/knot
+
+mkdir --parents "$KNOT_RUNDIR";
+
+KNOT_USER=$(sed -ne "s/#.*$//;s/.*user:[ \"]*\\([^\\:\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+
+if [ -n "$KNOT_USER" ]; then
+ if ! getent passwd $KNOT_USER >/dev/null; then
+ echo "Configured user '$KNOT_USER' doesn't exist."
+ exit 1
+ fi
+
+ KNOT_GROUP=$(sed -ne "s/#.*$//;s/.*user:[ \"]*[^\\:\"]*\\:\\([^\"]*\\)[ \"]*/\\1/p;" $CONFFILE)
+ if [ -z "$KNOT_GROUP" ]; then
+ KNOT_GROUP=$(getent group $(getent passwd "$KNOT_USER" | cut -f 4 -d :) | cut -f 1 -d :)
+ fi
+
+ if ! getent group $KNOT_GROUP >/dev/null; then
+ echo "Configured group '$KNOT_GROUP' doesn't exist."
+ exit 1
+ fi
+ chown --silent "$KNOT_USER:$KNOT_GROUP" "$KNOT_RUNDIR"
+ chmod 775 "$KNOT_RUNDIR"
+fi
+
+:
diff --git a/distro/pkg/deb/python3-libknot.install b/distro/pkg/deb/python3-libknot.install
new file mode 100644
index 0000000..ce92dec
--- /dev/null
+++ b/distro/pkg/deb/python3-libknot.install
@@ -0,0 +1,2 @@
+usr/lib/python3*/dist-packages/libknot-*.egg-info
+usr/lib/python3*/dist-packages/libknot/*.py
diff --git a/distro/pkg/deb/rules b/distro/pkg/deb/rules
new file mode 100755
index 0000000..82cc34b
--- /dev/null
+++ b/distro/pkg/deb/rules
@@ -0,0 +1,101 @@
+#!/usr/bin/make -f
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall -DNDEBUG
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+export DPKG_GENSYMBOLS_CHECK_LEVEL := 4
+export KNOT_SOFTHSM2_DSO = /usr/lib/softhsm/libsofthsm2.so
+
+include /usr/share/dpkg/default.mk
+
+ifeq (maint,$(filter $(DEB_BUILD_OPTIONS),maint))
+ FASTPARSER := --disable-fastparser
+else
+ FASTPARSER := --enable-fastparser
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),hurd-i386))
+ RECVMMSG:=--enable-recvmmsg=no
+else
+ RECVMMSG:=--enable-recvmmsg=yes
+endif
+
+ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),amd64 i386))
+ RUN_TEST :=
+else
+ RUN_TEST := -timeout --kill-after=5s 5m
+endif
+
+LIBKNOT_SYMBOLS := $(wildcard $(CURDIR)/debian/libknot*.symbols)
+
+# MAJOR.MINOR version part
+BASE_VERSION := $(shell echo $(DEB_VERSION) | sed 's/^\([^.]\+\.[^.]\+\).*/\1/')
+
+# pyproject is supported by knot but fails on second `pybuild --build`
+# invocation due to bug in dh-python's plugin_pyproject.py wheel unpack
+export PYBUILD_SYSTEM = distutils
+
+
+%:
+ dh $@ \
+ --exclude=.la --exclude=example.com.zone \
+ --with python3
+
+override_dh_auto_configure:
+ dh_auto_configure -- \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=/usr/lib/$(DEB_HOST_MULTIARCH)/knot/modules-$(BASE_VERSION) \
+ --with-storage=/var/lib/knot \
+ --enable-systemd=auto \
+ --enable-dnstap \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared \
+ $(RECVMMSG) \
+ $(FASTPARSER) \
+ --disable-silent-rules \
+ --enable-xdp=yes \
+ --enable-quic=yes \
+ --disable-static
+
+override_dh_auto_configure-indep:
+ pybuild --dir python/libknot --configure
+ pybuild --dir python/knot_exporter --configure
+
+override_dh_auto_build-indep:
+ dh_auto_build -- html
+ pybuild --dir python/libknot --build
+ pybuild --dir python/knot_exporter --build
+
+override_dh_auto_install-arch:
+ dh_auto_install -- install
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ @if grep -E -q "DoQ support: +no" "$(CURDIR)/debian/tmp/usr/sbin/knotd"; then \
+ echo "Stripping the QUIC symbols"; \
+ sed -i '/knot_quic_/d' $(LIBKNOT_SYMBOLS); \
+ fi
+
+override_dh_auto_install-indep:
+ dh_auto_install -- install-html
+ # rename knot.sample.conf to knot.conf
+ mv $(CURDIR)/debian/tmp/etc/knot/knot.sample.conf $(CURDIR)/debian/tmp/etc/knot/knot.conf
+ pybuild --dir python/libknot --install
+ pybuild --dir python/knot_exporter --install
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/libknot/__pycache__
+ rm -rf $(CURDIR)/debian/tmp/usr/lib/python*/dist-packages/knot_exporter/__pycache__
+
+override_dh_auto_test-indep:
+override_dh_auto_test-arch:
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ $(RUN_TEST) dh_auto_test
+endif
+
+override_dh_missing:
+ dh_missing --fail-missing
+
+override_dh_installchangelogs:
+ dh_installchangelogs NEWS
diff --git a/distro/pkg/deb/source/format b/distro/pkg/deb/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/distro/pkg/deb/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/distro/pkg/deb/tests/authoritative-server b/distro/pkg/deb/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/pkg/deb/tests/authoritative-server
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# 2018-11-02
+# License: GPLv3+
+
+# error on exit
+set -e
+# for handling jobspecs:
+set -m
+
+if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
+ d="$(mktemp -d)"
+ remove="$d"
+else
+ d="$AUTOPKGTEST_ARTIFACTS"
+fi
+ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}"
+port="${PORT:-8123}"
+knotc="${KNOTC:-/usr/sbin/knotc}"
+knotd="${KNOTD:-/usr/sbin/knotd}"
+keymgr="${KEYMGR:-/usr/sbin/keymgr}"
+kdig="${KDIG:-$(command -v kdig)}"
+kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}"
+test_address="${TEST_ADDRESS:-192.0.2.199}"
+
+declare -a knot_conf="--config=$d/knot.conf"
+declare -a knot_args=("$knot_conf" --verbose)
+
+printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}"
+
+section() {
+ printf "\n%s\n" "$1"
+ sed 's/./-/g' <<<"$1"
+}
+
+cleanup () {
+ section "cleaning up"
+ find "$d" -ls
+ "${knotc}" "${knot_args[@]}" stop
+ wait %1
+ tail -n +1 -v "$d"/*.err
+ if [ "$remove" ]; then
+ printf "\ncleaning up working directory %s\n" "$remove"
+ rm -rf "$remove"
+ fi
+}
+trap cleanup EXIT
+
+section "set up config file and zonefile"
+
+user=$(id -nu)
+group=$(id -ng)
+cat > "$d/knot.conf" <<EOF
+server:
+ rundir: "$d"
+ listen: $ip@$port
+ user: $user:$group
+database:
+ storage: "$d"
+template:
+ - id: default
+ storage: "$d"
+ file: "%s.zone"
+zone:
+ - domain: example.net
+ dnssec-signing: on
+EOF
+
+cat > "$d/example.net.zone" <<EOF
+@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d
+@ 1D IN NS a.ns.example.net.
+@ 1D IN NS b.ns.example.net.
+a.ns 1D IN A 192.0.2.1
+b.ns 1D IN A 192.0.2.2
+test 1D IN A $test_address
+EOF
+
+find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v
+
+mkdir -p "${d}"
+
+section "kzonecheck'ing zonefile"
+"${kzonecheck}" -v "$d/example.net.zone"
+
+section "launching knot"
+"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" &
+
+# FIXME: this is an annoying poll -- would be better if we could be
+# alerted when the daemon is done setting up the socket, but i don't
+# want to "--daemonize" if i can avoid it because i want the shell to
+# remain in direct supervision of all its processes
+tried=0
+while [ $tried -lt 10 ] ; do
+ if "${knotc}" "${knot_args[@]}" status 2>&1; then
+ break;
+ fi
+ sleep 0.5
+ tried=$(( $tried + 1 ))
+done
+if [ $tried -ge 10 ]; then
+ printf "failed to use %s\n" "${knotc}" >&2
+ exit 1
+fi
+
+section "querying knot"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "" ]; then
+ printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2
+ exit 1
+fi
+
+section "modifying zone"
+printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone"
+sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone"
+"${knotc}" "${knot_args[@]}" reload
+sleep 1
+
+section "querying again"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "$test_address" ]; then
+ printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2
+ exit 1
+fi
+
+section "querying DNSSEC"
+"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec
+if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then
+ printf "DNSSEC query not successful" >&2
+ exit 1
+fi
+
+section "listing keys with keymgr"
+"${keymgr}" "$knot_conf" -e example.net. list
+if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then
+ printf "keymgr did not list KSK as expected" >&2
+ exit 1
+fi
diff --git a/distro/pkg/deb/tests/control b/distro/pkg/deb/tests/control
new file mode 100644
index 0000000..e8b3dcb
--- /dev/null
+++ b/distro/pkg/deb/tests/control
@@ -0,0 +1,13 @@
+Tests: kdig
+Restrictions: skippable
+Depends:
+ ca-certificates,
+ iputils-ping,
+ knot-dnsutils,
+
+Tests: authoritative-server
+Depends:
+ findutils,
+ knot,
+ knot-dnsutils,
+ knot-dnssecutils,
diff --git a/distro/pkg/deb/tests/kdig b/distro/pkg/deb/tests/kdig
new file mode 100755
index 0000000..f1dbe5a
--- /dev/null
+++ b/distro/pkg/deb/tests/kdig
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+# Skip the test if no internet access
+ping -c1 1.1.1.1 2>&1 || exit 77
+
+expected=198.41.0.4
+answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true)
+
+if [ "$answer" != "$expected" ]; then
+ printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2
+ kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A
+fi
diff --git a/distro/pkg/deb/ufw/knot b/distro/pkg/deb/ufw/knot
new file mode 100644
index 0000000..ee36916
--- /dev/null
+++ b/distro/pkg/deb/ufw/knot
@@ -0,0 +1,4 @@
+[Knot]
+title=Internet Domain Name Server
+description=The Knot DNS implements an Internet domain name server.
+ports=53
diff --git a/distro/pkg/deb/watch b/distro/pkg/deb/watch
new file mode 100644
index 0000000..7cf9ea1
--- /dev/null
+++ b/distro/pkg/deb/watch
@@ -0,0 +1,4 @@
+version=4
+opts=uversionmangle=s/-((alpha|beta|rc)\d*)$/~$1/,pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+hotfix// \
+https://secure.nic.cz/files/knot-dns/ \
+(?:|.*/)knot(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/distro/pkg/el-7/01-revert-AC_PROG_CC.patch b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
new file mode 100644
index 0000000..fb49c00
--- /dev/null
+++ b/distro/pkg/el-7/01-revert-AC_PROG_CC.patch
@@ -0,0 +1,18 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Sun, 20 Feb 2022 20:38:35 +0100
+Subject: [PATCH] Revert "configure: upgrade from AC_PROG_CC_C99 to AC_PROG_CC"
+
+diff --git a/configure.ac b/configure.ac
+index 6506197ed..c7df7f815 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -38,7 +38,8 @@ release_date=$($SED -n 's/^Knot DNS .* (\(.*\))/\1/p;q;' ${srcdir}/NEWS)
+ AC_SUBST([RELEASE_DATE], $release_date)
+
+ # Set compiler compatibility flags
+-AC_PROG_CC
++AC_PROG_CC_C99 # AC_PROG_CC not supported by CentOS 7
++AM_PROG_CC_C_O # Needed by CentOS 7
+ AC_PROG_CPP_WERROR
+
+ # Set default CFLAGS
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
new file mode 100644
index 0000000..cbc5aa2
--- /dev/null
+++ b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
@@ -0,0 +1,67 @@
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 20 Mar 2023 14:57:54 +0100
+Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
+
+diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
+index 5610865f6..555c495d9 100644
+--- a/src/libknot/quic/quic.c
++++ b/src/libknot/quic/quic.c
+@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
+ goto error;
+ }
+
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
++ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
+ if (ret != GNUTLS_E_SUCCESS) {
+ gnutls_x509_crt_deinit(cert);
+ goto error;
+diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
+index 245dd3f96..6a2e7a986 100644
+--- a/src/utils/common/tls.c
++++ b/src/utils/common/tls.c
+@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+
+ uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
+ size_t cert_pin_size = sizeof(cert_pin);
+- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
++ ret = gnutls_x509_crt_get_key_id(cert, 0,
+ cert_pin, &cert_pin_size);
+ if (ret != 0) {
+ gnutls_x509_crt_deinit(cert);
+@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
+ }
+
+ // Check if correspond to a specified PIN.
+- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
++ bool match = check_pin(cert_pin, cert_pin_size, pins);
+ if (match) {
+ matches++;
+ }
+
+ uint8_t *txt_pin;
+- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
++ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
+ if (ret < 0) {
+ gnutls_x509_crt_deinit(cert);
+ return ret;
+ }
+- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
++ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
+ free(txt_pin);
+
+ gnutls_x509_crt_deinit(cert);
+diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
+index 359b8b596..8fd33b011 100644
+--- a/src/utils/kdig/kdig_params.c
++++ b/src/utils/kdig/kdig_params.c
+@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
+ if (ret < 0) {
+ ERR("invalid +tls-pin=%s", arg);
+ return ret;
+- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
+- ERR("invalid sha256 hash length +tls-pin=%s", arg);
++ } else if (ret != 20) { // Check for 256-bit value.
++ ERR("invalid sha1 hash length +tls-pin=%s", arg);
+ return KNOT_EINVAL;
+ }
+
diff --git a/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
new file mode 100644
index 0000000..8ef7e7e
--- /dev/null
+++ b/distro/pkg/el-7/03-doc-don-t-try-to-import-sphinx_panels.patch
@@ -0,0 +1,25 @@
+From c05abb0401d3343b96ced4a6cdd724ee04adfe1b Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 21 Aug 2023 16:54:46 +0200
+Subject: [PATCH] doc: don't try to import sphinx_panels on CentOS 7
+
+
+ 1 file changed, 3 deletions(-)
+
+diff --git a/doc/conf.py b/doc/conf.py
+index fc2e94d96..515241051 100644
+--- a/doc/conf.py
++++ b/doc/conf.py
+@@ -27,9 +27,6 @@ sys.path.insert(0, os.path.abspath('ext'))
+
+ # Add any Sphinx extension module names here, as strings. They can be extensions
+ # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+-import importlib.util
+-if importlib.util.find_spec("sphinx_panels"):
+- extensions = [ 'sphinx_panels' ]
+
+ # Add any paths that contain templates here, relative to this directory.
+ templates_path = ['_templates']
+--
+2.25.1
+
diff --git a/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
new file mode 100644
index 0000000..a13be90
--- /dev/null
+++ b/distro/pkg/el-7/04-revert-don-t-share-PKCS-11-private-keys.patch
@@ -0,0 +1,166 @@
+From 1bad8f831a9fd506516549ac7461f97c689a0c46 Mon Sep 17 00:00:00 2001
+From: Daniel Salzman <daniel.salzman@nic.cz>
+Date: Mon, 11 Dec 2023 17:08:23 +0100
+Subject: [PATCH] Revert "zone-sign: don't share PKCS 11 private keys by
+ multiple signing threads"
+
+This reverts commit 7d63e8e0825e03b8e0608e87b86968c452755c93.
+---
+ src/knot/dnssec/zone-keys.c | 38 +++----------------------------------
+ src/libdnssec/key.h | 4 ++--
+ src/libdnssec/key/key.c | 24 +----------------------
+ tests/libdnssec/test_key.c | 4 ++--
+ 4 files changed, 8 insertions(+), 62 deletions(-)
+
+diff --git a/src/knot/dnssec/zone-keys.c b/src/knot/dnssec/zone-keys.c
+index cd6bf0bb3..d5cccc759 100644
+--- a/src/knot/dnssec/zone-keys.c
++++ b/src/knot/dnssec/zone-keys.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -642,21 +642,6 @@ int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype,
+ return ret;
+ }
+
+-static int dup_zone_key(const zone_key_t *src, zone_key_t *dst)
+-{
+- assert(src);
+- assert(dst);
+-
+- *dst = *src;
+-
+- dst->key = dnssec_key_dup(src->key);
+- if (dst->key == NULL) {
+- return KNOT_ENOMEM;
+- }
+-
+- return KNOT_EOK;
+-}
+-
+ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t *dnssec_ctx)
+ {
+ zone_sign_ctx_t *ctx = calloc(1, sizeof(*ctx) + keyset->count * sizeof(*ctx->sign_ctxs));
+@@ -665,24 +650,11 @@ zone_sign_ctx_t *zone_sign_ctx(const zone_keyset_t *keyset, const kdnssec_ctx_t
+ }
+
+ ctx->sign_ctxs = (dnssec_sign_ctx_t **)(ctx + 1);
+-
+- ctx->keys = calloc(keyset->count, sizeof(*ctx->keys));
+- if (ctx->keys == NULL) {
+- zone_sign_ctx_free(ctx);
+- return NULL;
+- }
+ ctx->count = keyset->count;
+-
++ ctx->keys = keyset->keys;
+ ctx->dnssec_ctx = dnssec_ctx;
+ for (size_t i = 0; i < ctx->count; i++) {
+- // Clone the key to avoid thread contention on the key mutex.
+- int ret = dup_zone_key(&keyset->keys[i], &ctx->keys[i]);
+- if (ret != KNOT_EOK) {
+- zone_sign_ctx_free(ctx);
+- return NULL;
+- }
+-
+- ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
++ int ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
+ if (ret != DNSSEC_EOK) {
+ zone_sign_ctx_free(ctx);
+ return NULL;
+@@ -719,12 +691,8 @@ void zone_sign_ctx_free(zone_sign_ctx_t *ctx)
+ {
+ if (ctx != NULL) {
+ for (size_t i = 0; i < ctx->count; i++) {
+- if (ctx->keys != NULL) {
+- dnssec_key_free(ctx->keys[i].key);
+- }
+ dnssec_sign_free(ctx->sign_ctxs[i]);
+ }
+- free(ctx->keys);
+ free(ctx);
+ }
+ }
+diff --git a/src/libdnssec/key.h b/src/libdnssec/key.h
+index aa8002b4a..2a69d377f 100644
+--- a/src/libdnssec/key.h
++++ b/src/libdnssec/key.h
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -134,7 +134,7 @@ void dnssec_key_free(dnssec_key_t *key);
+ /*!
+ * Create a copy of a DNSSEC key.
+ *
+- * Public key isn't duplicated.
++ * Only a public part of the key is copied.
+ */
+ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key);
+
+diff --git a/src/libdnssec/key/key.c b/src/libdnssec/key/key.c
+index 4574bbefb..f36316712 100644
+--- a/src/libdnssec/key/key.c
++++ b/src/libdnssec/key/key.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -141,28 +141,6 @@ dnssec_key_t *dnssec_key_dup(const dnssec_key_t *key)
+ return NULL;
+ }
+
+- if (key->private_key != NULL) {
+- gnutls_privkey_init(&dup->private_key);
+-
+- gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
+- if (type == GNUTLS_PRIVKEY_PKCS11) {
+-#ifdef ENABLE_PKCS11
+- gnutls_pkcs11_privkey_t tmp;
+- gnutls_privkey_export_pkcs11(key->private_key, &tmp);
+- gnutls_privkey_import_pkcs11(dup->private_key, tmp,
+- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+-#else
+- assert(0);
+-#endif // ENABLE_PKCS11
+- } else {
+- assert(type == GNUTLS_PRIVKEY_X509);
+- gnutls_x509_privkey_t tmp;
+- gnutls_privkey_export_x509(key->private_key, &tmp);
+- gnutls_privkey_import_x509(dup->private_key, tmp,
+- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+- }
+- }
+-
+ return dup;
+ }
+
+diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
+index c3643f08c..cd0aaee0e 100644
+--- a/tests/libdnssec/test_key.c
++++ b/tests/libdnssec/test_key.c
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
++/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -148,7 +148,7 @@ static void test_private_key(const key_parameters_t *params)
+
+ check_key_tag(copy, params);
+ check_key_size(copy, params);
+- check_usage(copy, true, true);
++ check_usage(copy, true, false);
+
+ dnssec_key_free(copy);
+ dnssec_key_free(key);
+--
+2.34.1
+
diff --git a/distro/pkg/el-7/knot.service b/distro/pkg/el-7/knot.service
new file mode 100644
index 0000000..a872929
--- /dev/null
+++ b/distro/pkg/el-7/knot.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Knot DNS server
+Wants=network-online.target
+After=network-online.target
+Documentation=man:knotd(8) man:knot.conf(5) man:knotc(8)
+
+[Service]
+Type=notify
+User=knot
+Group=knot
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETPCAP
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETPCAP
+ExecStartPre=/usr/sbin/knotc conf-check
+ExecStart=/usr/sbin/knotd -m "$KNOT_CONF_MAX_SIZE"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-abort
+LimitNOFILE=1048576
+TimeoutStopSec=300
+# Extend the systemd startup timeout by this value (seconds) for each zone
+Environment="KNOT_ZONE_LOAD_TIMEOUT_SEC=180"
+# Maximum size (MiB) of a configuration database
+Environment="KNOT_CONF_MAX_SIZE=512"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/distro/pkg/el-7/knot.spec b/distro/pkg/el-7/knot.spec
new file mode 100644
index 0000000..93d05bb
--- /dev/null
+++ b/distro/pkg/el-7/knot.spec
@@ -0,0 +1,333 @@
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/')
+%define repodir %{_builddir}/%{name}-%{version}
+
+Summary: High-performance authoritative DNS server
+Name: knot
+Version: {{ version }}
+Release: cznic.{{ release }}%{?dist}
+License: GPL-3.0-or-later
+URL: https://www.knot-dns.cz
+Source0: %{name}-%{version}.tar.xz
+
+%if 0%{?GPG_CHECK}
+Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc
+BuildRequires: gnupg2
+%endif
+
+Patch1: 01-revert-AC_PROG_CC.patch
+Patch2: 02-fix-compilation-by-using-SHA-1.patch
+Patch3: 03-doc-don-t-try-to-import-sphinx_panels.patch
+Patch4: 04-revert-don-t-share-PKCS-11-private-keys.patch
+
+# Required dependencies
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: devtoolset-11-make
+BuildRequires: devtoolset-11-gcc
+BuildRequires: pkgconfig(liburcu)
+BuildRequires: pkgconfig(gnutls) >= 3.3
+BuildRequires: pkgconfig(libedit)
+
+# Optional dependencies
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libidn2)
+BuildRequires: pkgconfig(libmnl)
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+# dnstap dependencies
+BuildRequires: pkgconfig(libfstrm)
+BuildRequires: pkgconfig(libprotobuf-c)
+# geoip dependencies
+BuildRequires: pkgconfig(libmaxminddb)
+
+# Distro-dependent dependencies
+%if 0%{?suse_version}
+BuildRequires: python3-Sphinx
+BuildRequires: lmdb-devel
+BuildRequires: protobuf-c
+Requires(pre): pwdutils
+%endif
+%if 0%{?rhel} && 0%{?rhel} <= 7
+BuildRequires: python-sphinx
+BuildRequires: lmdb-devel
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+BuildRequires: python3-sphinx
+BuildRequires: pkgconfig(lmdb)
+%endif
+
+# disable XDP on old EL
+%define configure_xdp --enable-xdp=no
+
+Requires(post): systemd %{_sbindir}/runuser
+Requires(preun): systemd
+Requires(postun): systemd
+
+Conflicts: knot-resolver < 5.7.0
+
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description
+Knot DNS is a high-performance authoritative DNS server implementation.
+
+%package libs
+Summary: Libraries used by the Knot DNS server and client applications
+
+%description libs
+The package contains shared libraries used by the Knot DNS server and
+utilities.
+
+%package devel
+Summary: Development header files for the Knot DNS libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development header files for the Knot DNS libraries
+included in knot-libs package.
+
+%package utils
+Summary: DNS client utilities shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+# Debian package compat
+Provides: %{name}-dnsutils = %{version}-%{release}
+
+%description utils
+The package contains DNS client utilities shipped with the Knot DNS server.
+
+%package dnssecutils
+Summary: DNSSEC tools shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description dnssecutils
+The package contains DNSSEC tools shipped with the Knot DNS server.
+
+%package module-dnstap
+Summary: dnstap module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-dnstap
+The package contains dnstap Knot DNS module for logging DNS traffic.
+
+%package module-geoip
+Summary: geoip module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-geoip
+The package contains geoip Knot DNS module for geography-based responses.
+
+%package doc
+Summary: Documentation for the Knot DNS server
+BuildArch: noarch
+Provides: bundled(jquery)
+
+%description doc
+The package contains documentation for the Knot DNS server.
+On-line version is available on https://www.knot-dns.cz/documentation/
+
+%prep
+%if 0%{?GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME}
+mkdir --mode=700 ${GNUPGHOME}
+gpg2 --import %{SOURCE100}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%autosetup -p1
+
+%build
+# disable debug code (causes unused warnings)
+CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
+
+%ifarch armv7hl i686
+# 32-bit architectures sometimes do not have sufficient amount of
+# contiguous address space to handle default values
+%define configure_db_sizes --with-conf-mapsize=64
+%endif
+
+autoreconf -if
+
+export CC="/opt/rh/devtoolset-11/root/usr/bin/gcc"
+%configure \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \
+ --with-storage=/var/lib/knot \
+ %{?configure_db_sizes} \
+ %{?configure_xdp} \
+ --disable-static \
+ --enable-dnstap=yes \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared
+make %{?_smp_mflags}
+make html
+
+%install
+make install DESTDIR=%{buildroot}
+
+# install documentation
+install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
+install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone*
+install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir}
+cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
+[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
+rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
+
+# install daemon and dbus configuration files
+rm %{buildroot}%{_sysconfdir}/%{name}/*
+install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+
+# install systemd files
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -p -m 0644 -D %{repodir}/distro/pkg/el-7/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%if 0%{?suse_version}
+ln -s service %{buildroot}/%{_sbindir}/rcknot
+%endif
+
+# create storage dir
+install -d %{buildroot}%{_sharedstatedir}
+install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot
+
+# remove libarchive files
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+V=1 make check
+
+%pre
+getent group knot >/dev/null || groupadd -r knot
+getent passwd knot >/dev/null || \
+ useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \
+ -c "Knot DNS server" knot
+%if 0%{?suse_version}
+%service_add_pre knot.service
+%endif
+
+%post
+systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || :
+%if 0%{?suse_version}
+%service_add_post knot.service
+%else
+%systemd_post knot.service
+%endif
+
+%preun
+%if 0%{?suse_version}
+%service_del_preun knot.service
+%else
+%systemd_preun knot.service
+%endif
+
+%postun
+%if 0%{?suse_version}
+%service_del_postun knot.service
+%else
+%systemd_postun_with_restart knot.service
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} > 7
+# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
+%else
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+%endif
+
+%files
+%license COPYING
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/html
+%attr(770,root,knot) %dir %{_sysconfdir}/knot
+%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+%attr(770,root,knot) %dir %{_sharedstatedir}/knot
+%dir %{_libdir}/knot
+%dir %{_libdir}/knot/modules-*
+%{_unitdir}/knot.service
+%{_tmpfilesdir}/knot.conf
+%{_sbindir}/kcatalogprint
+%{_sbindir}/kjournalprint
+%{_sbindir}/keymgr
+%{_sbindir}/knotc
+%{_sbindir}/knotd
+%if 0%{?suse_version}
+%{_sbindir}/rcknot
+%endif
+%{_mandir}/man5/knot.conf.*
+%{_mandir}/man8/kcatalogprint.*
+%{_mandir}/man8/kjournalprint.*
+%{_mandir}/man8/keymgr.*
+%{_mandir}/man8/knotc.*
+%{_mandir}/man8/knotd.*
+%ghost %attr(770,root,knot) %dir %{_rundir}/knot
+
+%files utils
+%{_bindir}/kdig
+%{_bindir}/khost
+%{_bindir}/knsupdate
+%if 0%{?use_xdp}
+%{_sbindir}/kxdpgun
+%{_mandir}/man8/kxdpgun.*
+%endif
+%{_mandir}/man1/kdig.*
+%{_mandir}/man1/khost.*
+%{_mandir}/man1/knsupdate.*
+
+%files dnssecutils
+%{_bindir}/knsec3hash
+%{_bindir}/kzonecheck
+%{_bindir}/kzonesign
+%{_mandir}/man1/knsec3hash.*
+%{_mandir}/man1/kzonecheck.*
+%{_mandir}/man1/kzonesign.*
+
+%files module-dnstap
+%{_libdir}/knot/modules-*/dnstap.so
+
+%files module-geoip
+%{_libdir}/knot/modules-*/geoip.so
+
+%files libs
+%license COPYING
+%doc NEWS
+%doc README.md
+%{_libdir}/libdnssec.so.*
+%{_libdir}/libknot.so.*
+%{_libdir}/libzscanner.so.*
+
+%files devel
+%{_includedir}/libdnssec
+%{_includedir}/knot
+%{_includedir}/libknot
+%{_includedir}/libzscanner
+%{_libdir}/libdnssec.so
+%{_libdir}/libknot.so
+%{_libdir}/libzscanner.so
+%{_libdir}/pkgconfig/knotd.pc
+%{_libdir}/pkgconfig/libdnssec.pc
+%{_libdir}/pkgconfig/libknot.pc
+%{_libdir}/pkgconfig/libzscanner.pc
+
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+
+%changelog
+* {{ now }} Jakub Ružička <jakub.ruzicka@nic.cz> - {{ version }}-{{ release }}
+- upstream package
+- see https://www.knot-dns.cz
diff --git a/distro/pkg/el-7/knot.tmpfiles b/distro/pkg/el-7/knot.tmpfiles
new file mode 100644
index 0000000..edec729
--- /dev/null
+++ b/distro/pkg/el-7/knot.tmpfiles
@@ -0,0 +1,3 @@
+# tmpfiles.d(5) runtime directory for knot
+#Type Path Mode UID GID Age Argument
+ d /run/knot 0755 knot knot - -
diff --git a/distro/pkg/nix/default.nix b/distro/pkg/nix/default.nix
new file mode 100644
index 0000000..eca1698
--- /dev/null
+++ b/distro/pkg/nix/default.nix
@@ -0,0 +1,86 @@
+{ lib, stdenv, fetchurl, pkg-config, gnutls, liburcu, lmdb, libcap_ng, libidn2, libunistring
+, systemd, nettle, libedit, zlib, libiconv, libintl, libmaxminddb, libbpf, nghttp2, libmnl
+, ngtcp2-gnutls, xdp-tools
+, autoreconfHook
+, nixosTests, knot-resolver, knot-dns, runCommandLocal
+}:
+
+stdenv.mkDerivation rec {
+ pname = "knot-dns";
+ version = "{{ version }}";
+
+ src = fetchurl {
+ url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz";
+ sha256 = "{{ src_hash }}";
+ };
+
+ outputs = [ "bin" "out" "dev" ];
+
+ configureFlags = [
+ "--with-configdir=/etc/knot"
+ "--with-rundir=/run/knot"
+ "--with-storage=/var/lib/knot"
+ ];
+
+ patches = [
+ # Don't try to create directories like /var/lib/knot at build time.
+ # They are later created from NixOS itself.
+ ./dont-create-run-time-dirs.patch
+ ./runtime-deps.patch
+ ];
+
+ nativeBuildInputs = [ pkg-config autoreconfHook ];
+ buildInputs = [
+ gnutls liburcu libidn2 libunistring
+ nettle libedit
+ libiconv lmdb libintl
+ nghttp2 # DoH support in kdig
+ ngtcp2-gnutls # DoQ support in kdig (and elsewhere but not much use there yet)
+ libmaxminddb # optional for geoip module (it's tiny)
+ # without sphinx &al. for developer documentation
+ # TODO: add dnstap support?
+ ] ++ lib.optionals stdenv.isLinux [
+ libcap_ng systemd
+ xdp-tools libbpf libmnl # XDP support (it's Linux kernel API)
+ ] ++ lib.optional stdenv.isDarwin zlib; # perhaps due to gnutls
+
+ enableParallelBuilding = true;
+
+ CFLAGS = [ "-O2" "-DNDEBUG" ];
+
+ doCheck = true;
+ checkFlags = [ "V=1" ]; # verbose output in case some test fails
+ doInstallCheck = true;
+
+ postInstall = ''
+ rm -r "$out"/lib/*.la
+ '';
+
+ passthru.tests = {
+ inherit knot-resolver;
+ } // lib.optionalAttrs stdenv.isLinux {
+ inherit (nixosTests) knot kea;
+ # Some dependencies are very version-sensitive, so the might get dropped
+ # or embedded after some update, even if the nixPackagers didn't intend to.
+ # For non-linux I don't know a good replacement for `ldd`.
+ deps = runCommandLocal "knot-deps-test"
+ { nativeBuildInputs = [ (lib.getBin stdenv.cc.libc) ]; }
+ ''
+ for libname in libngtcp2 libxdp libbpf; do
+ echo "Checking for $libname:"
+ ldd '${knot-dns.bin}/bin/knotd' | grep -F "$libname"
+ echo "OK"
+ done
+ touch "$out"
+ '';
+ };
+
+ meta = with lib; {
+ description = "Authoritative-only DNS server from .cz domain registry";
+ homepage = "https://knot-dns.cz";
+ license = licenses.gpl3Plus;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.vcunat ];
+ mainProgram = "knotd";
+ };
+}
diff --git a/distro/pkg/nix/dont-create-run-time-dirs.patch b/distro/pkg/nix/dont-create-run-time-dirs.patch
new file mode 100644
index 0000000..9fe165e
--- /dev/null
+++ b/distro/pkg/nix/dont-create-run-time-dirs.patch
@@ -0,0 +1,32 @@
+diff --git a/samples/Makefile.am b/samples/Makefile.am
+index c253c91..107401d 100644
+--- a/samples/Makefile.am
++++ b/samples/Makefile.am
+@@ -19,11 +19,6 @@ EXTRA_DIST = knot.sample.conf.in example.com.zone
+
+ if HAVE_DAEMON
+
+-install-data-local: knot.sample.conf
+- if [ \! -f $(DESTDIR)/$(config_dir)/knot.sample.conf ]; then \
+- $(INSTALL) -d $(DESTDIR)/$(config_dir); \
+- $(INSTALL_DATA) knot.sample.conf $(srcdir)/example.com.zone $(DESTDIR)/$(config_dir); \
+- fi
+ uninstall-local:
+ -rm -rf $(DESTDIR)/$(config_dir)/knot.sample.conf \
+ $(DESTDIR)/$(config_dir)/example.com.zone
+diff --git a/src/utils/Makefile.inc b/src/utils/Makefile.inc
+index e6765d9..d859d23 100644
+--- a/src/utils/Makefile.inc
++++ b/src/utils/Makefile.inc
+@@ -79,11 +79,6 @@ endif HAVE_DNSTAP
+ endif HAVE_UTILS
+
+ if HAVE_DAEMON
+-# Create storage and run-time directories
+-install-data-hook:
+- $(INSTALL) -d $(DESTDIR)/@config_dir@
+- $(INSTALL) -d $(DESTDIR)/@run_dir@
+- $(INSTALL) -d $(DESTDIR)/@storage_dir@
+
+ sbin_PROGRAMS = knotc knotd
+
diff --git a/distro/pkg/nix/runtime-deps.patch b/distro/pkg/nix/runtime-deps.patch
new file mode 100644
index 0000000..19fc9cd
--- /dev/null
+++ b/distro/pkg/nix/runtime-deps.patch
@@ -0,0 +1,14 @@
+Remove unnecessary runtime dependencies.
+
+`knotc status configure` shows summary from the configure script,
+but that contains also references like include paths.
+Filter these at least in a crude way (whole lines).
+--- a/configure.ac
++++ b/configure.ac
+@@ -766,5 +766,5 @@ result_msg_base=" Knot DNS $VERSION
+
+-result_msg_esc=$(echo -n "$result_msg_base" | sed '$!s/$/\\n/' | tr -d '\n')
++result_msg_esc=$(echo -n "$result_msg_base" | grep -Fv "$NIX_STORE" | sed '$!s/$/\\n/' | tr -d '\n')
+
+ AC_DEFINE_UNQUOTED([CONFIGURE_SUMMARY],["$result_msg_esc"],[Configure summary])
+
diff --git a/distro/pkg/nix/top-level.nix b/distro/pkg/nix/top-level.nix
new file mode 100644
index 0000000..303923c
--- /dev/null
+++ b/distro/pkg/nix/top-level.nix
@@ -0,0 +1,8 @@
+
+with import <nixpkgs> {};
+
+(callPackage ./. {
+}).overrideAttrs (attrs: {
+ src = ./knot-{{ version }}.tar.xz;
+})
+
diff --git a/distro/pkg/rpm/knot.spec b/distro/pkg/rpm/knot.spec
new file mode 100644
index 0000000..a5c1384
--- /dev/null
+++ b/distro/pkg/rpm/knot.spec
@@ -0,0 +1,324 @@
+%global _hardened_build 1
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}}
+
+%define GPG_CHECK 0
+%define BASE_VERSION %(echo "%{version}" | sed 's/^\\([^.]\\+\\.[^.]\\+\\).*/\\1/')
+%define repodir %{_builddir}/%{name}-%{version}
+
+Summary: High-performance authoritative DNS server
+Name: knot
+Version: {{ version }}
+Release: cznic.{{ release }}%{?dist}
+License: GPL-3.0-or-later
+URL: https://www.knot-dns.cz
+Source0: %{name}-%{version}.tar.xz
+
+%if 0%{?GPG_CHECK}
+Source1: https://secure.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc
+# PGP keys used to sign upstream releases
+# Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
+# Don't forget to update %%prep section when adding/removing keys
+Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc
+BuildRequires: gnupg2
+%endif
+
+# Required dependencies
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: pkgconfig(liburcu)
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(libedit)
+
+# Optional dependencies
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libidn2)
+BuildRequires: pkgconfig(libmnl)
+BuildRequires: pkgconfig(libnghttp2)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+# dnstap dependencies
+BuildRequires: pkgconfig(libfstrm)
+BuildRequires: pkgconfig(libprotobuf-c)
+# geoip dependencies
+BuildRequires: pkgconfig(libmaxminddb)
+# XDP dependencies
+BuildRequires: pkgconfig(libbpf)
+
+# Distro-dependent dependencies
+%if 0%{?suse_version}
+BuildRequires: python3-Sphinx
+BuildRequires: lmdb-devel
+BuildRequires: protobuf-c
+Requires(pre): pwdutils
+%if 0%{?sle_version} != 150400
+BuildRequires: pkgconfig(libxdp)
+%endif
+%endif
+%if 0%{?fedora} || 0%{?rhel}
+BuildRequires: python3-sphinx
+BuildRequires: pkgconfig(lmdb)
+%if 0%{?fedora} || 0%{?rhel} >= 9
+BuildRequires: pkgconfig(libxdp)
+%endif
+%endif
+
+%if 0%{?rhel} >= 9 || 0%{?suse_version} || 0%{?fedora}
+%define configure_quic --enable-quic=yes
+%endif
+
+Requires(post): systemd %{_sbindir}/runuser
+Requires(preun): systemd
+Requires(postun): systemd
+
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description
+Knot DNS is a high-performance authoritative DNS server implementation.
+
+%package libs
+Summary: Libraries used by the Knot DNS server and client applications
+Conflicts: knot-resolver < 5.7.0
+
+%description libs
+The package contains shared libraries used by the Knot DNS server and
+utilities.
+
+%package devel
+Summary: Development header files for the Knot DNS libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description devel
+The package contains development header files for the Knot DNS libraries
+included in knot-libs package.
+
+%package utils
+Summary: DNS client utilities shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+# Debian package compat
+Provides: %{name}-dnsutils = %{version}-%{release}
+
+%description utils
+The package contains DNS client utilities shipped with the Knot DNS server.
+
+%package dnssecutils
+Summary: DNSSEC tools shipped with the Knot DNS server
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+
+%description dnssecutils
+The package contains DNSSEC tools shipped with the Knot DNS server.
+
+%package module-dnstap
+Summary: dnstap module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-dnstap
+The package contains dnstap Knot DNS module for logging DNS traffic.
+
+%package module-geoip
+Summary: geoip module for Knot DNS
+Requires: %{name} = %{version}-%{release}
+
+%description module-geoip
+The package contains geoip Knot DNS module for geography-based responses.
+
+%package doc
+Summary: Documentation for the Knot DNS server
+BuildArch: noarch
+Provides: bundled(jquery)
+
+%description doc
+The package contains documentation for the Knot DNS server.
+On-line version is available on https://www.knot-dns.cz/documentation/
+
+%prep
+%if 0%{?GPG_CHECK}
+export GNUPGHOME=./gpg-keyring
+[ -d ${GNUPGHOME} ] && rm -r ${GNUPGHOME}
+mkdir --mode=700 ${GNUPGHOME}
+gpg2 --import %{SOURCE100}
+gpg2 --verify %{SOURCE1} %{SOURCE0}
+%endif
+%autosetup -p1
+
+%build
+# disable debug code (causes unused warnings)
+CFLAGS="%{optflags} -DNDEBUG -Wno-unused"
+
+%ifarch armv7hl i686
+# 32-bit architectures sometimes do not have sufficient amount of
+# contiguous address space to handle default values
+%define configure_db_sizes --with-conf-mapsize=64
+%endif
+
+%configure \
+ --sysconfdir=/etc \
+ --localstatedir=/var/lib \
+ --libexecdir=/usr/lib/knot \
+ --with-rundir=/run/knot \
+ --with-moduledir=%{_libdir}/knot/modules-%{BASE_VERSION} \
+ --with-storage=/var/lib/knot \
+ %{?configure_db_sizes} \
+ %{?configure_quic} \
+ --disable-static \
+ --enable-dnstap=yes \
+ --with-module-dnstap=shared \
+ --with-module-geoip=shared
+make %{?_smp_mflags}
+make html
+
+%install
+make install DESTDIR=%{buildroot}
+
+# install documentation
+install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples
+install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone*
+install -p -m 0644 NEWS README.md %{buildroot}%{_pkgdocdir}
+cp -av doc/_build/html %{buildroot}%{_pkgdocdir}
+[ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1
+rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo
+
+# install daemon and dbus configuration files
+rm %{buildroot}%{_sysconfdir}/%{name}/*
+install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+install -p -m 0644 -D %{repodir}/distro/common/cz.nic.knotd.conf %{buildroot}%{_datadir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+
+# install systemd files
+install -p -m 0644 -D %{repodir}/distro/common/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+%if 0%{?suse_version}
+ln -s service %{buildroot}/%{_sbindir}/rcknot
+%endif
+
+# create storage dir
+install -d %{buildroot}%{_sharedstatedir}
+install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/knot
+
+# remove libarchive files
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+V=1 make check
+
+%pre
+getent group knot >/dev/null || groupadd -r knot
+getent passwd knot >/dev/null || \
+ useradd -r -g knot -d %{_sharedstatedir}/knot -s /sbin/nologin \
+ -c "Knot DNS server" knot
+%if 0%{?suse_version}
+%service_add_pre knot.service
+%endif
+
+%post
+%if 0%{?suse_version}
+%service_add_post knot.service
+%else
+%systemd_post knot.service
+%endif
+
+%preun
+%if 0%{?suse_version}
+%service_del_preun knot.service
+%else
+%systemd_preun knot.service
+%endif
+
+%postun
+%if 0%{?suse_version}
+%service_del_postun knot.service
+%else
+%systemd_postun_with_restart knot.service
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} > 7
+# https://fedoraproject.org/wiki/Changes/Removing_ldconfig_scriptlets
+%else
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+%endif
+
+%files
+%license COPYING
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/html
+%attr(750,root,knot) %dir %{_sysconfdir}/knot
+%config(noreplace) %attr(640,root,knot) %{_sysconfdir}/knot/knot.conf
+%if 0%{?fedora} || 0%{?rhel} > 7
+%config(noreplace) %attr(644,root,root) %{_datadir}/dbus-1/system.d/cz.nic.knotd.conf
+%endif
+%attr(770,root,knot) %dir %{_sharedstatedir}/knot
+%dir %{_libdir}/knot
+%dir %{_libdir}/knot/modules-*
+%{_unitdir}/knot.service
+%{_sbindir}/kcatalogprint
+%{_sbindir}/kjournalprint
+%{_sbindir}/keymgr
+%{_sbindir}/knotc
+%{_sbindir}/knotd
+%if 0%{?suse_version}
+%{_sbindir}/rcknot
+%endif
+%{_mandir}/man5/knot.conf.*
+%{_mandir}/man8/kcatalogprint.*
+%{_mandir}/man8/kjournalprint.*
+%{_mandir}/man8/keymgr.*
+%{_mandir}/man8/knotc.*
+%{_mandir}/man8/knotd.*
+%ghost %attr(770,root,knot) %dir %{_rundir}/knot
+
+%files utils
+%{_bindir}/kdig
+%{_bindir}/khost
+%{_bindir}/knsupdate
+%{_sbindir}/kxdpgun
+%{_mandir}/man8/kxdpgun.*
+%{_mandir}/man1/kdig.*
+%{_mandir}/man1/khost.*
+%{_mandir}/man1/knsupdate.*
+
+%files dnssecutils
+%{_bindir}/knsec3hash
+%{_bindir}/kzonecheck
+%{_bindir}/kzonesign
+%{_mandir}/man1/knsec3hash.*
+%{_mandir}/man1/kzonecheck.*
+%{_mandir}/man1/kzonesign.*
+
+%files module-dnstap
+%{_libdir}/knot/modules-*/dnstap.so
+
+%files module-geoip
+%{_libdir}/knot/modules-*/geoip.so
+
+%files libs
+%license COPYING
+%doc NEWS
+%doc README.md
+%{_libdir}/libdnssec.so.*
+%{_libdir}/libknot.so.*
+%{_libdir}/libzscanner.so.*
+
+%files devel
+%{_includedir}/libdnssec
+%{_includedir}/knot
+%{_includedir}/libknot
+%{_includedir}/libzscanner
+%{_libdir}/libdnssec.so
+%{_libdir}/libknot.so
+%{_libdir}/libzscanner.so
+%{_libdir}/pkgconfig/knotd.pc
+%{_libdir}/pkgconfig/libdnssec.pc
+%{_libdir}/pkgconfig/libknot.pc
+%{_libdir}/pkgconfig/libzscanner.pc
+
+%files doc
+%dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/html
+
+%changelog
+* {{ now }} Knot DNS <knot-dns@labs.nic.cz> - {{ version }}-{{ release }}
+- upstream package
+- see https://www.knot-dns.cz
diff --git a/distro/tests/README.md b/distro/tests/README.md
new file mode 100644
index 0000000..d356db5
--- /dev/null
+++ b/distro/tests/README.md
@@ -0,0 +1,16 @@
+# packaging tests
+
+Debian autopkgtests from `distro/pkg/deb/tests` are reused here
+using `apkg test` and symlinks.
+
+To run tests (from project root):
+
+ apkg test
+
+See templated tests control: distro/tests/extra/all
+
+To see rendered control (from project root):
+
+ apkg test --show-control [--distro debian-11]
+
+See [apkg test docs](https://pkg.labs.nic.cz/pages/apkg/test/).
diff --git a/distro/tests/authoritative-server b/distro/tests/authoritative-server
new file mode 100755
index 0000000..028dfbf
--- /dev/null
+++ b/distro/tests/authoritative-server
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# 2018-11-02
+# License: GPLv3+
+
+# error on exit
+set -e
+# for handling jobspecs:
+set -m
+
+if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
+ d="$(mktemp -d)"
+ remove="$d"
+else
+ d="$AUTOPKGTEST_ARTIFACTS"
+fi
+ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}"
+port="${PORT:-8123}"
+knotc="${KNOTC:-/usr/sbin/knotc}"
+knotd="${KNOTD:-/usr/sbin/knotd}"
+keymgr="${KEYMGR:-/usr/sbin/keymgr}"
+kdig="${KDIG:-$(command -v kdig)}"
+kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}"
+test_address="${TEST_ADDRESS:-192.0.2.199}"
+
+declare -a knot_conf="--config=$d/knot.conf"
+declare -a knot_args=("$knot_conf" --verbose)
+
+printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}"
+
+section() {
+ printf "\n%s\n" "$1"
+ sed 's/./-/g' <<<"$1"
+}
+
+cleanup () {
+ section "cleaning up"
+ find "$d" -ls
+ "${knotc}" "${knot_args[@]}" stop
+ wait %1
+ tail -n +1 -v "$d"/*.err
+ if [ "$remove" ]; then
+ printf "\ncleaning up working directory %s\n" "$remove"
+ rm -rf "$remove"
+ fi
+}
+trap cleanup EXIT
+
+section "set up config file and zonefile"
+
+user=$(id -nu)
+group=$(id -ng)
+cat > "$d/knot.conf" <<EOF
+server:
+ rundir: "$d"
+ listen: $ip@$port
+ user: $user:$group
+database:
+ storage: "$d"
+template:
+ - id: default
+ storage: "$d"
+ file: "%s.zone"
+zone:
+ - domain: example.net
+ dnssec-signing: on
+EOF
+
+cat > "$d/example.net.zone" <<EOF
+@ 1D IN SOA a.ns hostmaster 2018103100 3h 15m 1w 1d
+@ 1D IN NS a.ns.example.net.
+@ 1D IN NS b.ns.example.net.
+a.ns 1D IN A 192.0.2.1
+b.ns 1D IN A 192.0.2.2
+test 1D IN A $test_address
+EOF
+
+find "$d" -maxdepth 1 -type f -print0 | xargs -0 tail -n +1 -v
+
+mkdir -p "${d}"
+
+section "kzonecheck'ing zonefile"
+"${kzonecheck}" -v "$d/example.net.zone"
+
+section "launching knot"
+"${knotd}" "${knot_args[@]}" 2> "$d/knotd.err" &
+
+# FIXME: this is an annoying poll -- would be better if we could be
+# alerted when the daemon is done setting up the socket, but i don't
+# want to "--daemonize" if i can avoid it because i want the shell to
+# remain in direct supervision of all its processes
+tried=0
+while [ $tried -lt 10 ] ; do
+ if "${knotc}" "${knot_args[@]}" status 2>&1; then
+ break;
+ fi
+ sleep 0.5
+ tried=$(( $tried + 1 ))
+done
+if [ $tried -ge 10 ]; then
+ printf "failed to use %s\n" "${knotc}" >&2
+ exit 1
+fi
+
+section "querying knot"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "" ]; then
+ printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2
+ exit 1
+fi
+
+section "modifying zone"
+printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone"
+sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone"
+"${knotc}" "${knot_args[@]}" reload
+sleep 1
+
+section "querying again"
+"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
+answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
+if ! [ "$answer" = "$test_address" ]; then
+ printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
+ exit 1
+fi
+answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
+if ! [ "$answer2" = "$test_address" ]; then
+ printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2
+ exit 1
+fi
+
+section "querying DNSSEC"
+"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec
+if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then
+ printf "DNSSEC query not successful" >&2
+ exit 1
+fi
+
+section "listing keys with keymgr"
+"${keymgr}" "$knot_conf" -e example.net. list
+if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then
+ printf "keymgr did not list KSK as expected" >&2
+ exit 1
+fi
diff --git a/distro/tests/extra/all/control b/distro/tests/extra/all/control
new file mode 100644
index 0000000..6f9da6b
--- /dev/null
+++ b/distro/tests/extra/all/control
@@ -0,0 +1,10 @@
+Tests: kdig
+Restrictions: skippable
+{%- if distro.match('deb') %}
+Depends: iputils-ping, ca-certificates
+{%- elif distro.match('rpm') %}
+Depends: iputils
+{%- endif %}
+
+Tests: authoritative-server
+Depends: findutils
diff --git a/distro/tests/kdig b/distro/tests/kdig
new file mode 100755
index 0000000..f1dbe5a
--- /dev/null
+++ b/distro/tests/kdig
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+# Skip the test if no internet access
+ping -c1 1.1.1.1 2>&1 || exit 77
+
+expected=198.41.0.4
+answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true)
+
+if [ "$answer" != "$expected" ]; then
+ printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2
+ kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A
+fi